cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
300
Views
0
Helpful
1
Replies

Pix515E and Oracle Database Access

pgasol
Level 1
Level 1

Hi everybody

I'm configuring a 515E and I have a little problem with an Oracle Database. I've configured the following:

interface "servidores" 10.112.15.254 --- security 80

Oracle database 10.112.15.237 in interface "servidores"

interface "web_registro" 10.112.22.254 ---- security60

web server 10.112.22.224 in interface "web_registro"

The web server in "web_registro" must access to the database using ports tcp 7020,7021,7023 and udp 8020,8021,8023. As I have to allow access from a lower security interface to higher security interface, I've tried the following (opening all the ports firstly):

static (servidores, web_registro) 10.112.22.237 10.112.15.237 netmask 255.255.255.255

access-list web_out permit tcp any any

access-list web_out permit udp any any

access-group web_out in interface web registro

This should allow all packets to traverse the pix. But I get the following reports:

--------- PACKET ---------

-- IP --

10.112.22.224 ==> 10.112.15.237

ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x30

id = 0xe908 flags = 0x40 frag off=0x0

ttl = 0x80 proto=0x6 chksum = 0xd612

-- TCP --

source port = 0xa27 dest port = 0x1b6dsyn

seq = 0xb162e3a7

ack = 0x0

hlen = 0x7 window = 0x4000

checksum = 0x4cd4 urg = 0x0

tcp options: 0x2 0x4 0x5 0xb4

0x1 0x1 0x4 0x2

--------- END OF PACKET ---------

106010: Deny inbound tcp src web_registro:10.112.22.224/2599 dst servidores:10.112.15.237/7021

Any idea about what's happening?

Thanks a lot in advance

1 Reply 1

thong.do
Level 1
Level 1

Try to use CONDUIT command. It is an exception of the Pix FW for accessing hosts between interfaces.

Good Luck