Has anyone seen any problems with running IBM's ADSM backup through a PIX? We put in a couple 6500 Firewall Service Modules this weekend, and the backup guys are telling us that the backups have started failing.
We are allowing all traffic from the backup server to the server being backed up. I don't see any denies in the firewall log.
Of course the problem is not consistent. The problem seems to mainly be with large files. We are getting about a 20% success rate. We put a sniffer on the network, and when the transfer does fail, the connection is being closed by the server. When the backup finishes successfully, the server being backed up closes the connection.
I have seen backup software from other vendors fail; however, they usually were using multiple connections, and the "control connection" would time out on the PIX due to inactivity when backing up a large file.
ADSM does not use a control connection. The server being backed up connects to the ADSM server using TCP port 1500. All data passes on that connection.
Any help would be gratefully appreciated. It's been a long weekend.
Haven't come across something like this, but from what I can think of, you could check the MTU. You can use the mtu <bytes> command to alter the MTU value on the interface of the PIX. Since the problem occurs when there are large file transfers, this might resolve the issue. Check the command reference for details.
You could also check for the conduit statements just to ensure that the traffic is being permitted.
Since there are no error logs available, it would be difficult to troubleshoot and get down to the exact issue.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...