Meghna,
Turning on "fixup sql" instructs the PIX to watch for sql transactions on
port 1522 from less secure to a more secure (i.e. inside to outside)
interfaces. When the PIX recognizes those connections the ASA (Adaptive
Security Algorithm) will create a dynamic conduit through the firewall and
translate the appropriate IP addresses (both in the headers and payload).
Another example of the PIX performing a proxy-like function.
Let me know how you make out?
By the way, have you checked out: http://groups.yahoo.com/group/PIX_Firewall ?
Regards,
Brian
At 08:08 AM 6/21/2001 -0700, Meghna Reddy wrote:
>Message: 13
>Date: Thu, 21 Jun 2001 07:33:25 -0700 (PDT)
>From: Meghna Reddy <[EMAIL PROTECTED]>
>Subject: query on fixup protocol for port 1522
>To: [EMAIL PROTECTED]
>
>Dear all,
>
>This is something I could not understand. Hope i can
>get a claification on this.
>
>We had two mahines A and B (both behind different
>PIXes) which required to talk to each other on tcp
>port 1522 (both ways).
>
>we had all the necessary conduits and outbounds on the
>PIX open. We were also able to telnet to A from B (and
>vice versa) on port 1522.
>
>However when sqlplus was used to connect to B from A,
>it failed, though tnsping was able to connect on port
>1522.
>
>Note : I am not conversant with tnsping/sqlplus...
>What u see here was what was told to me by my DBA.
>
>The listner log at the destination server (B) was
>showing that the connect was trying to get established
>on a random port (2461, 1983 etc...)
>
>The problem however got resvolved after "fixup
>protocol sqlnet 1522" was given on both the PIXes.
>
>Can someone throw light on what the problem was and
>how fixup protocol was able to resolve it.
>
>warm Regards,
>Meghna.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
