Hi Everyone,
Having a strange problem. We recently migrated from FWSM to ASA-5585X running 9.1(2). Since we did that, we are having problems from an APP server in DMZ-A talking to a DB server in DMZ-B. The error we are getting in Oracle is ORA-12592: Bad Packet. Reading about this, it says it could be the network, and our DBAs are telling us they saw the error for the first time about 4 hours after our firewall migration. To note, SQL inspect is OFF. We have done captures on each server, and on egress and ingress interfaces, but do not see anything special.
Anyone have any ideas?
As you collected the ingress and egress captures, please search for the TCP URGENT flag (Wireshark filter tcp.flags.urg==1), and check if it is used by the Oracle apps. The ASA by default clears this flag, so if your app uses this flag (as many Oracle apps do), you need to configure a tcp-map to allow it.
Regards.
Mashal Shboul
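The capture check suggested above, as an added example that is not part of the original posts: a Python script that counts URG-flagged segments per flow in the ingress and egress captures and reports flows where the flag disappeared between the two. It assumes classic pcap files with untagged Ethernet/IPv4 framing and no NAT between the DMZs; the addresses and ports in the sample captures are constructed.

```python
import struct
from collections import Counter

URG = 0x20  # URG bit in the TCP flags byte

def urg_counts(pcap: bytes) -> Counter:
    """Count TCP segments with URG set, per flow, in a classic pcap (Ethernet/IPv4)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    counts, off = Counter(), 24                      # skip 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]    # skip Ethernet + IP header
        if len(tcp) < 20 or not tcp[13] & URG:
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", tcp[:4])
        counts[(src, sport, dst, dport)] += 1
    return counts

def urg_cleared(ingress: bytes, egress: bytes) -> dict:
    """Flows with URG segments on ingress but fewer on egress: {flow: (in, out)}.
    Keyed by 4-tuple, not sequence number, since a firewall may rewrite those."""
    before, after = urg_counts(ingress), urg_counts(egress)
    return {f: (n, after[f]) for f, n in before.items() if after[f] < n}

def _pcap(*segments):
    """Build a constructed sample pcap; each segment is (tcp_flags, urgent_pointer)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for flags, urp in segments:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 41, 0, 0, 64, 6, 0,
                         bytes([10, 1, 1, 10]), bytes([10, 2, 2, 20]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 1521, 1, 1, 0x50, flags, 8192, 0, urp)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"!"
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

INGRESS = _pcap((0x18, 0), (0x38, 1))   # PSH+ACK, then PSH+ACK+URG from the app server
EGRESS = _pcap((0x18, 0), (0x18, 0))    # same flow past the firewall, URG cleared
```

A non-empty result from `urg_cleared` for the database flow means the application sets URG and the firewall is stripping it, which is the case the tcp-map is meant to address.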
Please use this post: https://supportforums.cisco.com/thread/2212146
You can fix the issue on the ASA or you can do that at the database server. I personally think this should be fixed at the database server level by enabling SQL*net keep alive to maintain stability rather than depending on the firewall.
Very good article - thanks. I will add these options to my service policy and see what happens.
Thanks - this is good info. I will create the service policy and see what happens.