RE: Cisco PIX firewall

  • From: Kevin Lange <klange@xxxxxxxxxx>
  • To: "'JBECKSTROM@xxxxxxxxx'" <JBECKSTROM@xxxxxxxxx>, oracle-l@xxxxxxxxxxxxx, oracle-db-l@xxxxxxxxxxxxxxxxxxxx, ORACLE-L@xxxxxxxxxxxxx, oracledba@xxxxxxxxxxx, oracle-rdbms@xxxxxxxxxxxxxxx
  • Date: Tue, 25 Jan 2005 14:47:20 -0600

Our current access list on our firewall looks something like this:

access-list inbound-dmz04 permit tcp any host 999.999.999.999 eq 1521 
access-list inbound-dmz04 permit tcp any host 888.888.888.888 eq 1521

Permits any TCP traffic from "Any host" to the specific DATABASE SERVER on
port 1521. 

Make sure what port you are using in your listener... default is 1521.

-----Original Message-----
From: Jeffrey Beckstrom [mailto:JBECKSTROM@xxxxxxxxx]
Sent: Tuesday, January 25, 2005 2:31 PM
To: oracle-l@xxxxxxxxxxxxx; oracle-db-l@xxxxxxxxxxxxxxxxxxxx;
ORACLE-L@xxxxxxxxxxxxx; oracledba@xxxxxxxxxxx;
Cc: Chris Orlando
Subject: Cisco PIX firewall

We are using a Cisco PIX firewall version 6.2.  Database is running
Oracle 9i with multithreaded server.
If we move the web server inside the firewall, then sqlplus connects to
the database server.  If we put the web server outside of the firewall
then sql*plus gives an ora-12571 error.  Our network people tried
opening all ports on the web server for IP traffic but we still get the
same error.
We know it is something with the firewall since depending on if the web
server is inside or outside of the dmz you can connect.  We just can't
figure out what is wrong with the firewall.  Any suggestions would be
Jeffrey Beckstrom
Database Administrator
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113

