Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5529
Views
0
Helpful
4
Replies

ASA 9.1 Problems with Oracle Database

Go to solution
jss.cisco
Level 1
Level 1

‎11-20-2013 07:56 AM - edited ‎03-11-2019 08:07 PM

Hi Everyone,

Having a strange problem.  We recently migrated from FWSM to ASA-5585X running 9.1(2).  Since we did that, we are having problems from an APP server in DMZ-A talking to a DB server in DMZ-B.  The error we are getting in Oracle is ORA-12592: Bad Packet.  Reading about this is says it could be the network, and our DBA's are telling us they saw the error for the first time about 4 hours after our firewall migration.  To note, SQL inspect is OFF.  We have done captures on each server, and on egress and ingress interfaces, but do not see anything special.

Anyone have any ideas?

3 people had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
malshbou
Level 1
Level 1

‎11-20-2013 08:13 AM

As you collected the ingress and egress captures, please search for the TCP URGENT flag (wireshark filter

tcp.flags.urg==1 ), and check if it is used by the orable apps . The ASA by default clears this flag, so if your app uses this flag (as many oracle apps do) , you need to configure a tcp-map to allow it.

Regards.
Mashal Shboul

------------------ Mashal Shboul

View solution in original post

0 Helpful

Go to solution
david.tran
Level 4
Level 4
In response to malshbou

‎11-20-2013 03:27 PM

Please use this post:  https://supportforums.cisco.com/thread/2212146

You can fix the issue on the ASA or you can do that at the database server.  I personally think this should be fixed at the database server level by enabling SQL*net keep alive to maintain stability rather than depending on the firewall

View solution in original post

0 Helpful
4 Replies 4

Go to solution
malshbou
Level 1
Level 1

‎11-20-2013 08:13 AM

As you collected the ingress and egress captures, please search for the TCP URGENT flag (wireshark filter

tcp.flags.urg==1 ), and check if it is used by the orable apps . The ASA by default clears this flag, so if your app uses this flag (as many oracle apps do) , you need to configure a tcp-map to allow it.

Regards.
Mashal Shboul

------------------ Mashal Shboul
0 Helpful

Go to solution
david.tran
Level 4
Level 4
In response to malshbou

‎11-20-2013 03:27 PM

Please use this post:  https://supportforums.cisco.com/thread/2212146

You can fix the issue on the ASA or you can do that at the database server.  I personally think this should be fixed at the database server level by enabling SQL*net keep alive to maintain stability rather than depending on the firewall

0 Helpful

Go to solution
jss.cisco
Level 1
Level 1
In response to david.tran

‎11-21-2013 05:09 AM

Very good article - thanks.  I will add these options to my service policy and see what happens.

0 Helpful

Go to solution
jss.cisco
Level 1
Level 1
In response to malshbou

‎11-21-2013 05:08 AM

Thanks - this is good info.  I will create the service policy and see what happens.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card