topic Re: Initial connections to sql servers timeout through ASA in Network Security https://community.cisco.com/t5/network-security/initial-connections-to-sql-servers-timeout-through-asa/m-p/2064435#M438889 <HTML><HEAD></HEAD><BODY><P style="text-align: justify;">Hi Bro</P><P style="text-align: justify;">Based on your problem description, I personally don't think this is an issue with your Cisco Firewall. The reason being, you said <EM>"The problem server is a webserver that connects back through the firewall to access the SQL server on port 1433. We also have many other webservers in the DMZ which access the same SQL server, but do not have the same timeout issues."</EM></P><P></P><P style="text-align: justify;">Since all the other Web Servers in DMZ has no issues accessing the SQL server except for this particular one, then what I would propose you to do is to perform 2 packet captures from within the Cisco Firewall i.e. from the non-working Web Server to the SQL server and from a&nbsp;&nbsp;&nbsp;&nbsp; working Web Server to the SQL server and compare the packet capture output. Chances are this could be an application scripting issue. Let me know how it goes.</P><P></P><P>If you're not sure on how to perform packet captures from within your Cisco Firewall, please refer to this URL; </P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P></BODY></HTML> Sat, 25 Aug 2012 13:30:14 GMT Ramraj Sivagnanam Sivajanam 2012-08-25T13:30:14Z Initial connections to sql servers timeout through ASA https://community.cisco.com/t5/network-security/initial-connections-to-sql-servers-timeout-through-asa/m-p/2064434#M438888 <P>I am on version 8.2(1) of ASA Code.</P><P></P><P>When accessing a SQL server on a secure internal interface,(Traffic is sourcing from DMZ) i'm getting some timeouts on the initial connection on port 1433.&nbsp;&nbsp; All subsequent connections work fine.&nbsp;&nbsp; Packet tracer shows the connection builds properly, and shouldn't have a connectivity issue.&nbsp;&nbsp; The problem server is a webserver that connects back through the firewall to access the SQL server on port 1433.&nbsp;&nbsp;&nbsp; We also have many other webservers in the DMZ which access the same SQL server, but do not have the same timeout issues.&nbsp;&nbsp; </P><P></P><P>Here are my timeouts, from the config</P><P></P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>arp timeout 14400</P><P></P><P></P><P>I've seen a couple articles about increasing the tcp timeout to 3 hours for the DMZ interface, but I'm not sure that's the best idea.</P><P></P><P>Does anyone have an idea what might be wrong?&nbsp; </P> Mon, 11 Mar 2019 23:46:22 GMT https://community.cisco.com/t5/network-security/initial-connections-to-sql-servers-timeout-through-asa/m-p/2064434#M438888 lcnorwood 2019-03-11T23:46:22Z Re: Initial connections to sql servers timeout through ASA https://community.cisco.com/t5/network-security/initial-connections-to-sql-servers-timeout-through-asa/m-p/2064435#M438889 <HTML><HEAD></HEAD><BODY><P style="text-align: justify;">Hi Bro</P><P style="text-align: justify;">Based on your problem description, I personally don't think this is an issue with your Cisco Firewall. The reason being, you said <EM>"The problem server is a webserver that connects back through the firewall to access the SQL server on port 1433. We also have many other webservers in the DMZ which access the same SQL server, but do not have the same timeout issues."</EM></P><P></P><P style="text-align: justify;">Since all the other Web Servers in DMZ has no issues accessing the SQL server except for this particular one, then what I would propose you to do is to perform 2 packet captures from within the Cisco Firewall i.e. from the non-working Web Server to the SQL server and from a&nbsp;&nbsp;&nbsp;&nbsp; working Web Server to the SQL server and compare the packet capture output. Chances are this could be an application scripting issue. Let me know how it goes.</P><P></P><P>If you're not sure on how to perform packet captures from within your Cisco Firewall, please refer to this URL; </P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P></BODY></HTML> Sat, 25 Aug 2012 13:30:14 GMT https://community.cisco.com/t5/network-security/initial-connections-to-sql-servers-timeout-through-asa/m-p/2064435#M438889 Ramraj Sivagnanam Sivajanam 2012-08-25T13:30:14Z