Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Inspect sqlnet ASA Release 8.0.3.19

Hi, since we updated our ASA 5550 to 8.0.3.19 we're having problems with our SQLNET (port 1521 with Oracle SQL servers) connections to our DMZ Servers. The connections drops often. On Some servers we cannot connect at all. But nothing at all in the logs, no drops.

After we disabled "inspect sqlnet" it works fine. But that's may not the way it should be.

Has anybody else problems with sqlnet and Release 8.0.3.19? With Release 8.0.2.x it worked fine.

5 REPLIES
Silver

Re: Inspect sqlnet ASA Release 8.0.3.19

To enable Oracle SQL*Net application inspection, use the inspect sqlnet command in class configuration mode. Class configuration mode is accessible from policy map configuration mode. To remove the configuration, use the no form of this command.

New Member

Re: Inspect sqlnet ASA Release 8.0.3.19

Hi

Yes, there is bug related the SQL inspect and ASA (failover mode):

Please look at bug details:

CSCsr06900 Bug Details

watchdog failure in sqlnet inspection engine

Symptom:

A PIX or ASA firewall running 8.0.x code may crash and reload citing the Dispatch Unit thread as the crashing thread.

Conditions:

This occurs on versions of ASA and PIX firewall code prior to 8.0.3.25.

Workaround:

None at this time Status

Fixed

Severity

1 - catastrophic

Last Modified

In Last 3 Days

Product

Cisco ASA 5500 Series Adaptive Security Appliances

Technology

1st Found-In

8.0(3.25)

Fixed-In

8.1(1.8)

8.0(3.29)

8.2(0.136)

8.1(101.3)

8.1(101.4)

8.2(0.140)

Related Bug Information

Crash in 8.0.3.20 with SQLNET Inspection and Failover enabled

Symptom: Crash causing a reload on the active unit in a failover pair. Conditions: Enabling failover with 8.0.3.20 and SQLNET inspection enabled. Workaround: Downgrade to 8.0.3.18 or lower.

HTH

MD

Re: Inspect sqlnet ASA Release 8.0.3.19

Hi Guys,

We are running 8.0.4 and we are also experiencing problems with the SQLNET inspection. My firewalls are in context mode and failover are active/active. We are able to connect to a DB and open a his table through SQL Net Client but if we used ODBC Connector, it's not working. We can connect to the DB but are unable to open tables. The result his a status message, ORA-03123, from Oracle. If i disabled SQLNet inspection everything his working fine.

If u have any clue, let me know.

Thanks

New Member

Re: Inspect sqlnet ASA Release 8.0.3.19

Hi Francois,

I guessed you runed into this bug CSCsu44598. I will open an TAC request and ask, when and in what release there will be an fix for this issue.

Thanks

Henric

New Member

Re: Inspect sqlnet ASA Release 8.0.3.19

According to TAC, this will be fix in 8.0.4.6

HTH

MD

2591
Views
5
Helpful
5
Replies