Cisco Support Community
Community Member

Server to server communication between sites


As per the diagram, Server A and Server B need to communicate with each other.

I have configured the routers and firewall but the two servers cannot communicate with each other from either side using port 1521 (sqlnet).

Routes have also been added on each server specifying each internal router IP address as the gateway.

Please check if this configuration will work.

See attached the configurations and diagram.



Super Bronze



If what you said above is true, shouldn't your Server A default gateway be the ASA inside interface IP address and not the router?

- Jouni

Community Member



Actually, the default gateway of Server A is the ASA's inside interface and the default gateway of Server B is the internal IP address of Router B.

I have talked with the database team and communication should be initiated from Server A to Server B.

They have tried to perform a tnsping from Server A to Server B over port 1521 but the communication fails.

- Alvin

Super Bronze



Maybe the next steps would be to confirm that the connection from Server A is coming to ASA through ASDM monitor perhaps?

If they are coming to ASA you can probably also see what happens to the connection. Is the connection perhaps torn down because of a SYN Timeout or something else?

Maybe you can even take a capture of the traffic from Server A on the ASA to see what happens.

Does the ASA have a permitting statement on the inside ACL? Your ASA configuration attachment doesn't show the access-list itself, but only that an access-list has been attached to the inside interface.

I guess one culprit might even be the inspect command on the ASA if you have it enabled under the policy-map (at the very end of the configuration when issuing "show run" on CLI, or you can just issue "show run policy-map"). But this is just guessing from me.

Have you tried using ICMP to confirm that there is connection from Server A to the other network?

- Jouni
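
The checks suggested in the reply above, written out as ASA CLI commands. This is an added example, not part of the original thread; the addresses 192.0.2.10 (Server A) and 198.51.100.20 (Server B) and the capture name CAP_SQLNET are placeholders, and the interface name `inside` is assumed from the thread.

```cisco
! Placeholder addresses: 192.0.2.10 = Server A, 198.51.100.20 = Server B.
! Replace them with the real server addresses before use.

! 1. Confirm which ACL is bound to the inside interface and whether
!    a permit entry for TCP/1521 exists and is being hit (hitcnt).
show run access-group
show access-list

! 2. Capture only the SQL*Net flow on the inside interface, have the
!    database team repeat the tnsping, then read the capture.
!    SYN with no SYN-ACK  -> traffic leaves Server A but no reply returns
!    No packets at all    -> Server A is not routing via the ASA
capture CAP_SQLNET interface inside match tcp host 192.0.2.10 host 198.51.100.20 eq 1521
show capture CAP_SQLNET

! 3. Look at the connection entry and its flags while the test runs.
show conn address 192.0.2.10

! 4. Simulate the same packet through the ASA to see which phase
!    (ACL, NAT, route lookup, inspection) allows or drops it.
!    12345 is an arbitrary source port.
packet-tracer input inside tcp 192.0.2.10 12345 198.51.100.20 1521 detailed

! 5. Check whether an inspect command is enabled under the policy-map.
show run policy-map

! 6. Remove the capture when finished so it stops consuming buffer.
no capture CAP_SQLNET
```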
