Hi All,
we do have ASA 5510 with IOS Version 8.0(4).User from inside connects to SQL database in customer place which is at outside. Users can run smaller database queries however they can not run logners queries & get ora-03113 error on client.
we found sql inspect reset increasing by 1 when user tries to connect each time.
Do that mean we need to disable / remote sql inspect form global service policy. Following is policy config.
Need expert advise on following.
1. Do we need to remove sql inspect from service policy
2. will their be any impact while removing policy
3. Is their any way to bypass this specific flow the sql inspect (because dont know if other communications / users may need it)
4. steps to remove sql inspect
Please help..
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 632, drop 0, reset-drop 0
Inspect: ftp, packet 240935, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: rtsp, packet 0, drop 0, reset-drop 0
Inspect: esmtp _default_esmtp_map, packet 0, drop 0, reset-drop 0
Inspect: sqlnet, packet 1817867, drop 0, reset-drop 1796
Inspect: skinny , packet 0, drop 0, reset-drop 0
Inspect: sunrpc, packet 0, drop 0, reset-drop 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0
Inspect: sip , packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 285, drop 0, reset-drop 0
Inspect: tftp, packet 4894, drop 0, reset-drop 0
