cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1343
Views
0
Helpful
2
Replies

Sqlnet Inspection

paul.schofield
Level 1
Level 1

I've recently upgraded my PIX 535 cluster from 7.2 to 8.0.4(32). Since the upgrade we have been experiencing blocking sessions on one of our DB servers and associated performance issues. I have checked the logs but I cannot see a message to state that sql inspection is the cause. I would expect to see something like

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

I have since turned off sql inspection and the problem has not reappeared.

Is SQL inspection likely to be the cause here and if so why didn't I see the associated messages in the syslog which is set to record informational events?

Thanks

Paul

2 Replies 2

astripat
Level 1
Level 1

Hi Paul,

There was a bug regarding the same. When we upgrade to 8.0.4, the sqlnet traffic is disrupted and the syslogs seen at the time of issue are asfollows:

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection


But as you mentioned, you do not get any such syslog. Can you enable the inspection again and collect the debugs as follows:

debug sqlnet 255

Also, please send me the following:

show tech
syslogs
show service-policy
debug sqlnet 255


Regards,

Ashu.

Not that you could be hitting defect "CSCta03382: SQLNET query via inspection cause communication errors".

ASA version 8.0.5 fixes it.

I hope it helps.

PK

Review Cisco Networking for a $25 gift card