Hi everybody
I'm configuring a 515E and I have a little problem with an Oracle Database. I've configured the following:
interface "servidores" 10.112.15.254 --- security 80
Oracle database 10.112.15.237 in interface "servidores"
interface "web_registro" 10.112.22.254 ---- security 60
web server 10.112.22.224 in interface "web_registro"
The web server in "web_registro" must access the database using ports tcp 7020,7021,7023 and udp 8020,8021,8023. As I have to allow access from a lower security interface to a higher security interface, I've tried the following (opening all the ports first):
static (servidores, web_registro) 10.112.22.237 10.112.15.237 netmask 255.255.255.255
access-list web_out permit tcp any any
access-list web_out permit udp any any
access-group web_out in interface web registro
This should allow all packets to traverse the PIX. But I get the following reports:
--------- PACKET ---------
-- IP --
10.112.22.224 ==> 10.112.15.237
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x30
id = 0xe908 flags = 0x40 frag off=0x0
ttl = 0x80 proto=0x6 chksum = 0xd612
-- TCP --
source port = 0xa27 dest port = 0x1b6d syn
seq = 0xb162e3a7
ack = 0x0
hlen = 0x7 window = 0x4000
checksum = 0x4cd4 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x1 0x1 0x4 0x2
--------- END OF PACKET ---------
106010: Deny inbound tcp src web_registro:10.112.22.224/2599 dst servidores:10.112.15.237/7021
Any idea about what's happening?
Thanks a lot in advance
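
An added example, not part of the original post: a small Python script that decodes the hex fields of the debug packet dump above, checks that it is the same flow as the 106010 deny line, and reports whether the destination is the mapped or the real address of the posted static. The function names are hypothetical; the inputs are copied from the post, with the dump trimmed to the fields used.

```python
import re

# Inputs copied from the post (debug dump trimmed to the fields used here).
DEBUG_PACKET = """\
10.112.22.224 ==> 10.112.15.237
ttl = 0x80 proto=0x6 chksum = 0xd612
source port = 0xa27 dest port = 0x1b6d syn
"""
SYSLOG = ("106010: Deny inbound tcp src web_registro:10.112.22.224/2599 "
          "dst servidores:10.112.15.237/7021")
STATIC = ("static (servidores, web_registro) 10.112.22.237 10.112.15.237 "
          "netmask 255.255.255.255")
IP = r"(\d+(?:\.\d+){3})"
PROTO = {0x6: "tcp", 0x11: "udp"}

def hex_field(name, text):
    """Return the integer value of a 'name = 0x..' field in the dump."""
    return int(re.search(name + r"\s*=\s*0x([0-9a-f]+)\b", text).group(1), 16)

def parse_debug_packet(text):
    """Decode a PIX debug packet dump into (proto, src, sport, dst, dport)."""
    src, dst = re.search(IP + " ==> " + IP, text).groups()
    proto = hex_field("proto", text)
    return (PROTO.get(proto, str(proto)), src, hex_field("source port", text),
            dst, hex_field("dest port", text))

def parse_deny(line):
    """Parse a 106010 line into (flow tuple, source interface, dest interface)."""
    m = re.search(r"106010: Deny inbound (\w+) src (\w+):" + IP + r"/(\d+) "
                  r"dst (\w+):" + IP + r"/(\d+)", line)
    proto, src_if, src, sport, dst_if, dst, dport = m.groups()
    return (proto, src, int(sport), dst, int(dport)), src_if, dst_if

def parse_static(line):
    """PIX syntax: static (real_if, mapped_if) mapped_ip real_ip ..."""
    m = re.match(r"static \((\w+),\s*(\w+)\) " + IP + " " + IP, line)
    return dict(zip(("real_if", "mapped_if", "mapped", "real"), m.groups()))

def analyse(packet=DEBUG_PACKET, syslog=SYSLOG, static=STATIC):
    flow = parse_debug_packet(packet)
    denied, src_if, dst_if = parse_deny(syslog)
    st = parse_static(static)
    return {"flow": flow,
            "same_flow_as_deny": flow == denied,
            "static_covers_interfaces": (st["real_if"], st["mapped_if"]) == (dst_if, src_if),
            "dst_is_mapped_address": flow[3] == st["mapped"],
            "dst_is_real_address": flow[3] == st["real"]}

if __name__ == "__main__":
    print(analyse())
```

For the posted values, the dump and the deny line describe the same flow, tcp 10.112.22.224/2599 to 10.112.15.237/7021, and that destination is the real address in the static rather than the mapped address 10.112.22.237.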