Community Member

Sql connections problem after PIX upgrade to 8.0

After upgrading from version 7.2 to 8.0(4), clients couldn't connect to the database through the firewall using Toad software, but they can connect using SQL.

I checked the firewall and found some dropped packets in inspect sqlnet.

I disabled sqlnet inspection and the clients can connect.

The next day some clients reported that the database applications aren't working. I checked the firewall and found some denied connections on ports other than 1521.

What is the problem? Please help.

4 REPLIES
Cisco Employee

Re: Sql connections problem after PIX upgrade to 8.0

There are known issues with SQLNET traffic traversing the firewall on 8.0.4; one of the known issues is CSCsu44598.

Upgrade to 8.0.4.8

Community Member

Re: Sql connections problem after PIX upgrade to 8.0

Please send me more details about these issues, as I think 8.0(4)3 is the latest version.

Community Member

Re: Sql connections problem after PIX upgrade to 8.0

Nobody answered me

How do I know the latest version, and where can I find information about this bug?

Thanks

Re: Sql connections problem after PIX upgrade to 8.0

Here are the details. If you have CCO access to download software, see the interim releases to get the code; if it is not there, you probably need to open a TAC case to get code not shown in the interim area. However, you have a couple of workarounds, seen below; the quickest workaround is to disable SQL inspection in your global policy to at least get you up and running with SQL.

CSCsu44598 Bug Details

SQLNet inspection closes flow

Symptom:

Issue with SQLNet access

Conditions:

Issue is seen with ASA 8.0(4) with SQLNet inspection enabled. Inspection denies CLOB data field size of greater than 4KB. The following log messages are seen on the ASA:

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

When enabling 'debug sqlnet 255 ', you may also see the following debug message:

SQLNet: multiple TNS frames in one packet!

Workarounds:

1) Disable SQLNet inspection

2) Downgrade to a version prior to 8.0.3.33

Further Problem Description:

This bug was introduced due to the integration of CSCsr27940 in version 8.0.3.33 and 7.2.4.15. Versions prior to these releases should not be affected.

Status: Fixed (Resolved)

Severity: 3 - moderate

Product: Cisco ASA 5500 Series Adaptive Security Appliances

Technology:

1st Found-In: 8.0(4)

Fixed-In: 8.1(2.1), 8.2(0.161), 8.0(4.7), 7.2(4.17), 8.1(2.2)
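
Added example (not part of the original thread or of Cisco's bug record): a Python check that scans ASA syslog for the 302014 teardown message quoted in the bug details and counts SQL*Net flows whose teardown reason is "Flow closed by inspection", to confirm whether a firewall shows this symptom. The sample log lines, addresses and the function name are constructed for illustration; listener port 1521 is taken from the thread.

```python
import re
from collections import Counter

# Constructed sample syslog lines (hostnames, addresses, ids and byte counts are made up).
SAMPLE_LOG = """\
Jan 12 09:14:02 fw1 %ASA-6-302013: Built inbound TCP connection 4101 for outside:192.0.2.10/51514 (192.0.2.10/51514) to inside:10.1.1.20/1521 (10.1.1.20/1521)
Jan 12 09:14:05 fw1 %ASA-6-302014: Teardown TCP connection 4101 for outside:192.0.2.10/51514 to inside:10.1.1.20/1521 duration 0:00:03 bytes 6212 Flow closed by inspection
Jan 12 09:15:40 fw1 %ASA-6-302014: Teardown TCP connection 4107 for outside:192.0.2.11/49877 to inside:10.1.1.20/1521 duration 0:12:09 bytes 88120 TCP FINs
Jan 12 09:16:11 fw1 %ASA-6-302014: Teardown TCP connection 4112 for outside:192.0.2.10/51530 to inside:10.1.1.20/1521 duration 0:00:02 bytes 5904 Flow closed by inspection
Jan 12 09:17:00 fw1 %ASA-6-302014: Teardown TCP connection 4120 for outside:192.0.2.12/50001 to inside:10.1.1.30/80 duration 0:00:01 bytes 300 Flow closed by inspection
"""

# 302014 layout: "for <if>:<ip>/<port> to <if>:<ip>/<port> duration <t> bytes <n> [reason]"
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+)(?: \([^)]*\))? to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)(?: \([^)]*\))? "
    r"duration (?P<duration>\S+) bytes (?P<bytes>\d+)(?: (?P<reason>.*))?$"
)

def sqlnet_inspection_teardowns(log_text, sqlnet_port=1521):
    """Count (client_ip, server_ip) pairs whose SQL*Net flow was closed by inspection."""
    hits = Counter()
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m or not (m["reason"] or "").startswith("Flow closed by inspection"):
            continue
        # Either endpoint can be the listener, depending on who opened the connection.
        if int(m["dst_port"]) == sqlnet_port:
            hits[(m["src_ip"], m["dst_ip"])] += 1
        elif int(m["src_port"]) == sqlnet_port:
            hits[(m["dst_ip"], m["src_ip"])] += 1
    return hits

if __name__ == "__main__":
    for (client, server), n in sqlnet_inspection_teardowns(SAMPLE_LOG).most_common():
        print(f"{client} -> {server}:1521 closed by inspection {n} time(s)")
```

Repeated short-lived teardowns for the same client and database server, as in the constructed sample, match the symptom in the bug record; teardowns with other reasons or on other ports are ignored.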
