
Cisco PIX and Sql*Net

From: Peter Laursen <pl_at_mail1.remove.this.stofanet.dk>
Date: Fri, 11 May 2001 00:21:47 +0200
Message-ID: <WzEK6.2216$h4.587150@news101.telia.com>

Hi,

I am having trouble connecting from a client through a Cisco PIX firewall. Server is 8.1.6 on Win2k, Client is 8.1.6 on Win2k. Listener is standard config with dedicated server process and tcp port 1521. TNSname 8.0 style on the client.
When changing the IP on the client machine (webserver to be), so sql*net traffic is not routed through the firewall, everything is fine - connection is made and application is running. Connections from other similar clients on the LAN work fine too. However, when changing the IP on the webserver machine back to be outside, so traffic is routed through the PIX, I get an ORA-12535 timeout. Port 1521 is open but I suspect the redirect fails - the client never gets to talk with the server process.
Ok, I put USE_SHARED_SOCKET = TRUE in the registry as described in metalink note 68652.1. This should eliminate the need for redirecting and the client should be able to talk to the server process with only port 1521 open on the PIX. I still get ORA-12535 though. A listener.log at tracelvl 16 shows an error on socket 284. (I don't recall the exact log, I am at home now).

I know that 8.1.7 has an official bug concerning USE_SHARED_SOCKET. That's why I installed 8.1.6 at this customer. Is the USE_SHARED_SOCKET bug in 8.1.6 too? Any ideas other than trying connection manager?

I am not configuring the PIX, another guy is doing that, but he doesn't know Oracle and I don't understand his firewall speak, so there are communications problems at more than one level :-) We really don't know if the problem is in the PIX or in Oracle :-(

At Cisco I found this quote:
"To enable secure database access, the Cisco Secure PIX Firewall series allows Oracle SQL*Net-based client/server applications to communicate through the firewall, both with and without network address translation (NAT)."
So the PIX knows about the sql*net protocol, but what does this actually mean? Does this mean that the PIX has an Sql*net proxy?

TIA
Peter Laursen

Received on Thu May 10 2001 - 17:21:47 CDT
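
An added example, not part of the original post: a Python sketch that parses the listener's reply from a packet capture and reports whether it is a TNS REDIRECT to a port outside the ports the firewall permits, which is the failure the post suspects. It assumes the commonly documented 8-byte TNS header (as decoded by Wireshark's TNS dissector); the sample packet, host name, port 1047 and the allowed-port set are constructed.

```python
import re
import struct

# TNS packet types (subset), per the commonly documented header layout (assumption).
TNS_TYPES = {1: "CONNECT", 2: "ACCEPT", 4: "REFUSE", 5: "REDIRECT", 6: "DATA", 11: "RESEND"}
HEADER_LEN = 8  # length(2) checksum(2) type(1) flags(1) header checksum(2)
PORT_RE = re.compile(rb"\(\s*PORT\s*=\s*(\d+)\s*\)", re.IGNORECASE)


def parse_tns(packet: bytes):
    """Return (type_name, payload) for one TNS packet, validating its length field."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated TNS header")
    length, _ck, ptype, _flags, _hck = struct.unpack(">HHBBH", packet[:HEADER_LEN])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("TNS length field does not match captured bytes")
    return TNS_TYPES.get(ptype, f"UNKNOWN({ptype})"), packet[HEADER_LEN:length]


def redirect_port(payload: bytes):
    """REDIRECT payload: 2-byte data length, then the new address string."""
    if len(payload) < 2:
        raise ValueError("truncated REDIRECT payload")
    (dlen,) = struct.unpack(">H", payload[:2])
    m = PORT_RE.search(payload[2:2 + dlen])
    return int(m.group(1)) if m else None


def diagnose(packet: bytes, allowed_ports):
    """Classify the listener's reply to the client's CONNECT on port 1521."""
    kind, payload = parse_tns(packet)
    if kind != "REDIRECT":
        return f"{kind}: no redirect"
    port = redirect_port(payload)
    if port is None:
        return "REDIRECT: no port in address"
    verdict = "allowed" if port in allowed_ports else "not in allowed set"
    return f"REDIRECT to port {port}: {verdict}"


def build_packet(ptype: int, body: bytes) -> bytes:
    """Build a constructed sample packet (checksums left at zero)."""
    return struct.pack(">HHBBH", HEADER_LEN + len(body), 0, ptype, 0, 0) + body


# Constructed sample: the listener hands the client off to a dynamic port.
ADDR = b"(ADDRESS=(PROTOCOL=tcp)(HOST=dbhost.example)(PORT=1047))"
SAMPLE_REDIRECT = build_packet(5, struct.pack(">H", len(ADDR)) + ADDR)

print(diagnose(SAMPLE_REDIRECT, allowed_ports={1521}))
```

A reply of ACCEPT on 1521 would mean the hand-off is not the problem; a REDIRECT to a port the firewall does not pass matches the timeout described in the post.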
