Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQL PIX 515E Connection Problem 1

Status
Not open for further replies.
berlingoff

berlingoff

IS-IT--Management
Dec 9, 2002
8
US
I have a Cisco PIX 515E. I have a web server running in the DMZ that makes an ODBC connection on port 1433 to an SQL server on our internal network. If there is no activity from the webpage, the web server is unable to connect to the SQL server until a connection is made from the SQL server to the web server. I usually do this by pinging from the internal server to the DMZ'ed server.

The rule in the PIX is to allow 1433 from the DMZ'ed machine to the SQL server inside.

Is there another rule that I need to create, or expand on the exisiting rule to keep this connection available at all times?

Thanks for any help.
 
Sort by date Sort by votes
Is it MSSQL or Oracle ? you might need some "fixup protocol sqlnet 1433" command if its Oracle.

Maybe you could post your statics/access-lists ?

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
Hope this information is enough. It is connecting to a Microsoft SQL server, not Oracle.

Thanks!

object-group service SQL tcp
port-object range 1433 1433

object-group network KT_Servers
network-object X.X.X.X 255.255.255.255
network-object X.X.X.X 255.255.255.255

name X.X.X.X KTWEB

access-list DMZ_access_in permit tcp host KTWEB object-group KT_Servers object-group SQL
 
Upvote 0 Downvote
Looks ok, but did you use access-group to apply it to the DMZ ?
access-group DMZ_access_in in interface dmz

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
Yes, I did apply it to the DMZ.

Like I said, the connection works, it just seems to timeout after a few hours of inactivity, and then I have to ping, or initiate some sort of connection from the internal server to the DMZ'ed one.

Thanks

Jason
 
Upvote 0 Downvote
Oh, sorry didn't see that.
Well, the pix will always timeout your sessions after a certain amount of inactivity this cannot be disabled but it can be worked around. You need to enable some type of keepalive on your sql connection, it can be done you just need to search your documentation of your sql server.

Changing timeout values on the pix will only make the problem appear with more hours in between and not solve your problem.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
312
mcisar
mcisar
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
243
Garbear
Garbear
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
781
nnaarrnn
nnaarrnn
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
216
xwray
xwray
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
235
ITSUPPORTIT
ITSUPPORTIT

Part and Inventory Search

Sponsor

Back
Top