Re: Cisco PIX firewall
- From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
- To: JBECKSTROM@xxxxxxxxx
- Date: Tue, 25 Jan 2005 21:54:51 +0000
On Tue, 25 Jan 2005 15:31:00 -0500, Jeffrey Beckstrom
<JBECKSTROM@xxxxxxxxx> wrote:
> We are using a Cisco PIX firewall version 6.2. Database is running
> Oracle 9i with multithreaded server.
>
> If we move the web server inside the firewall, then sqlplus connects to
> the database server. If we put the web server outside of the firewall
> then sql*plus gives an ora-12571 error. Our network people tried
> opening all ports on the web server for IP traffic but we still get the
> same error.
>
> We know it is something with the firewall since depending on if the web
> server is inside or outside of the dmz you can connect. We just can't
> figure out what is wrong with the firewall. Any suggestions would be
> appreciated.
I believe that the PIX firewall needs to be made aware of sqlnet
traffic so that it can mark the sqlnet packets on the way through with
appropriate ip addresses (if you are using NAT). This is all from
memory and I'm on a course until Monday - if you don't get useful
responses by Monday drop me a line and I'll see if I can dig out our
change document that did this on our PIX firewall.
--
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com
--
//www.freelists.org/webpage/oracle-l
Other related posts:
