In my network we have upgraded the FWSM software from 2.3 to 3.2. After the upgrade we have encountered the following problem.
We have an application that is using the SQL-net protocol and is passing our FWSM in transparent mode. The problem is that the application running under the IP address 10.0.0.1 (on the outside of the FW) is sending the client (192.168.0.1) on the inside a redirect packet to IP address 10.0.0.2. When we capture the packet on the outside interface with the sniffer it looks correct (src from 10.0.0.0 redirects to 10.0.0.2), but when we captured the same packet on the inside interface (after it passed the FWSM) we can see that the redirect is sourced by 10.0.0.1 but points to 10.0.0.1 instead of 10.0.0.2.
It looks like there is some kind of inspect running in the background that is changing the redirection ip address.
On the previous software version this application works fine.
Does anybody have any ideas what inspection could do such a modification, and whether it is possible to disable it for a specific type of communication without disrupting other kinds of traffic?