Upgrade fron 6.3(4) to 7.0(1), and Websphere aplication
I just uprade my Cisco PiX 525 from version 6.3(4) to 7.0(1)
On the ouside interface, we have a VPN tunnel (ipsec) with Nat. We have some clients in the inside that use WebSphere to speak with a host in the outside interface. Since we did the upgrade, we are having some connectivity problems trough the VPN. About 10% of the conversations from this clients are failing, and we are receving this WebSphereMQ errors in our clients:
Remote host 'mqseries (172.20.22.10) (1415)' not available, retry later.
> The attempt to allocate a conversation using TCP/IP to host 'mqseries (172.20.22.10) (1415)' was not successful. However the error may be a transitory one and it may be possible to successfully allocate a TCP/IP conversation later.
Every thing else is working just fine (http, mail, other aplications...). We have also try versions 7.0(2), 7.0(4) 7.1(1), but we are still having the same problem. When we downgrade back to version 6.3(4) the problem disappears
Re: Upgrade fron 6.3(4) to 7.0(1), and Websphere aplication
To further look into this issue, can you explain me regarding your network topology?. i mean the network setup you use along with the info on your device models. Also, send me the "sh tech" output from that pix device. This will help me to correctly point out the reason.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...