I would like help with packages between Sophos XG and an Oracle application

Hi guys.

I'm sorry for my bad English.
People, I have a problem that I can't solve.
I have an XG that makes a site-to-site IPsec VPN connection, through which travel the requests of a local application that queries an Oracle bank. These queries are being forcibly closed, as shown in the image below.

These queries are made directly to a specific IP on port 1521. If we try 2 or 3 times, it works. I already checked the connections for this IP and this port via tcpdump, as shown in the image below, and I can't identify the problem. Could you help me?

My local network is 10.10.30.0/24 and the DB machine is on the remote IP 10.10.10.7.

  My IPsec config.

  • Hi  

    Thanks for sharing detailed information with the snapshot. Is the site-to-site IPsec tunnel between XG and XG, or between XG and another vendor?

    Are you getting any dropped packets on the XG for the remote server IP during the error in the application?

    You may collect TCPDUMP, PCAP and dropped packets for the remote Oracle IP on the XG and note down the time of the error; then, for the timestamp of the issue, you may check the PCAP details for further verification.

    PCAP KBA:

    https://community.sophos.com/kb/en-us/127647

    For testing purposes, if you access the same app over WAN (by publishing it through DNAT), do you get the same problem or error?

  • In reply to Vishal_R:

    Hi, Vishal.

    The IPsec connection is made between the XG and a third-party firewall.
    Analyzing through the logview, I do not receive any discarded packets. I also viewed the connections through tcpdump, as I showed in the image. I will do the PCAP capture as suggested; unfortunately, I cannot do this test on the WAN port.

  • In reply to Vishal_R:

    Hello, I did the capture and analysis. I didn't see any drops; there were some connection alerts, but nothing that aborts the connection. Below is an image of the conversation between the hosts.


  • In reply to Vishal_R:

    The new capture:

    85 31.340980 10.10.30.221 10.10.10.7 TCP 64 49183 → 1521 [SYN] Seq=0 Win=32768 Len=0 MSS=1460 SACK_PERM=1
    86 31.342968 10.10.10.7 10.10.30.221 TCP 64 1521 → 49183 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1
    87 31.343068 10.10.10.7 10.10.30.221 TCP 64 [TCP Out-Of-Order] 1521 → 49183 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1
    88 31.349871 10.10.30.221 10.10.10.7 TCP 56 49183 → 1521 [ACK] Seq=1 Ack=1 Win=33580 Len=0
    89 31.437517 10.10.30.221 10.10.10.7 TNS 184 Request, Connect (1)
    90 31.439931 10.10.10.7 10.10.30.221 TCP 56 1521 → 49183 [ACK] Seq=1 Ack=129 Win=30016 Len=0
    91 31.439970 10.10.10.7 10.10.30.221 TCP 56 [TCP Dup ACK 90#1] 1521 → 49183 [ACK] Seq=1 Ack=129 Win=30016 Len=0
    92 31.452838 10.10.10.7 10.10.30.221 TNS 64 Response, Resend (11)
    93 31.452884 10.10.10.7 10.10.30.221 TCP 64 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=1 Ack=129 Win=30016 Len=8
    94 31.456067 10.10.30.221 10.10.10.7 TNS 184 Request, Connect (1)
    95 31.458236 10.10.10.7 10.10.30.221 TNS 80 Response, Accept (2)
    96 31.458285 10.10.10.7 10.10.30.221 TCP 80 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=9 Ack=257 Win=31088 Len=24
    97 31.461417 10.10.30.221 10.10.10.7 TNS 88 Request, Data (6), Set Protocol
    98 31.463456 10.10.10.7 10.10.30.221 TNS 247 Response, Data (6), Set Protocol
    99 31.463508 10.10.10.7 10.10.30.221 TCP 247 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=33 Ack=289 Win=31088 Len=191
    100 31.470577 10.10.30.221 10.10.10.7 TNS 1232 Request, Data (6), Set Datatypes
    101 31.473175 10.10.10.7 10.10.30.221 TNS 1000 Response, Data (6), Set Datatypes
    102 31.473290 10.10.10.7 10.10.30.221 TCP 1000 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=224 Ack=1465 Win=34104 Len=944
    103 31.477502 10.10.30.221 10.10.10.7 TNS 227 Request, Data (6), User OCI Functions
    104 31.484836 10.10.10.7 10.10.30.221 TNS 264 Response, Data (6), Return OPI Parameter
    105 31.484934 10.10.10.7 10.10.30.221 TCP 264 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=1168 Ack=1636 Win=36456 Len=208
    107 31.499314 10.10.30.221 10.10.10.7 TNS 396 Request, Data (6), User OCI Functions
    108 31.507292 10.10.10.7 10.10.30.221 TNS 1163 Response, Data (6), Return OPI Parameter
    109 31.507396 10.10.10.7 10.10.30.221 TCP 1163 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=1376 Ack=1976 Win=38808 Len=1107
    110 31.513980 10.10.30.221 10.10.10.7 TNS 75 Request, Data (6), User OCI Functions
    111 31.515739 10.10.10.7 10.10.30.221 TNS 150 Response, Data (6), Return OPI Parameter
    112 31.515817 10.10.10.7 10.10.30.221 TCP 150 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2483 Ack=1995 Win=38808 Len=94
    113 31.523286 10.10.30.221 10.10.10.7 TNS 158 Request, Data (6), User OCI Functions
    114 31.525335 10.10.10.7 10.10.30.221 TNS 131 Response, Data (6), Return OPI Parameter
    115 31.525343 10.10.10.7 10.10.30.221 TCP 131 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2577 Ack=2097 Win=38808 Len=75
    116 31.532093 10.10.30.221 10.10.10.7 TNS 213 Request, Data (6), User OCI Functions
    117 31.533955 10.10.10.7 10.10.30.221 TNS 127 Response, Data (6), Sending I/O Vec only for fast UPI
    118 31.533962 10.10.10.7 10.10.30.221 TCP 127 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2652 Ack=2254 Win=41160 Len=71
    119 31.549352 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    120 31.550946 10.10.10.7 10.10.30.221 TNS 70 Response, Data (6), Return OPI Parameter
    121 31.550948 10.10.10.7 10.10.30.221 TCP 70 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2723 Ack=2269 Win=41160 Len=14
    122 31.558036 10.10.30.221 10.10.10.7 TNS 338 Request, Data (6), User OCI Functions
    123 31.560596 10.10.10.7 10.10.30.221 TNS 106 Response, Data (6), Return OPI Parameter
    124 31.560604 10.10.10.7 10.10.30.221 TCP 106 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2737 Ack=2551 Win=43512 Len=50
    125 31.564690 10.10.30.221 10.10.10.7 TNS 78 Request, Data (6), User OCI Functions
    126 31.566855 10.10.10.7 10.10.30.221 TNS 354 Response, Data (6), Return OPI Parameter
    127 31.566862 10.10.10.7 10.10.30.221 TCP 354 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=2787 Ack=2573 Win=43512 Len=298
    128 31.574371 10.10.30.221 10.10.10.7 TNS 196 Request, Data (6), User OCI Functions
    129 31.576570 10.10.10.7 10.10.30.221 TNS 185 Response, Data (6), Row Transfer Header
    130 31.576572 10.10.10.7 10.10.30.221 TCP 185 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3085 Ack=2713 Win=45864 Len=129
    131 31.582381 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    132 31.585140 10.10.10.7 10.10.30.221 TNS 67 Response, Data (6), Function Complete
    133 31.585148 10.10.10.7 10.10.30.221 TCP 67 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3214 Ack=2728 Win=45864 Len=11
    134 31.588542 10.10.30.221 10.10.10.7 TNS 69 Request, Data (6), User OCI Functions
    135 31.590463 10.10.10.7 10.10.30.221 TNS 67 Response, Data (6), Function Complete
    136 31.590464 10.10.10.7 10.10.30.221 TCP 67 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3225 Ack=2741 Win=45864 Len=11
    144 31.790592 10.10.30.221 10.10.10.7 TCP 56 49183 → 1521 [ACK] Seq=2741 Ack=3236 Win=32827 Len=0
    145 32.113756 10.10.30.221 10.10.10.7 TNS 213 Request, Data (6), User OCI Functions
    146 32.116351 10.10.10.7 10.10.30.221 TNS 127 Response, Data (6), Sending I/O Vec only for fast UPI
    147 32.116361 10.10.10.7 10.10.30.221 TCP 127 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3236 Ack=2898 Win=48216 Len=71
    148 32.193395 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    149 32.195198 10.10.10.7 10.10.30.221 TNS 70 Response, Data (6), Return OPI Parameter
    150 32.195200 10.10.10.7 10.10.30.221 TCP 70 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3307 Ack=2913 Win=48216 Len=14
    151 32.282273 10.10.30.221 10.10.10.7 TNS 504 Request, Data (6), User OCI Functions
    152 32.284837 10.10.10.7 10.10.30.221 TNS 106 Response, Data (6), Return OPI Parameter
    153 32.284857 10.10.10.7 10.10.30.221 TCP 106 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3321 Ack=3361 Win=50568 Len=50
    154 32.380704 10.10.30.221 10.10.10.7 TNS 78 Request, Data (6), User OCI Functions
    155 32.382976 10.10.10.7 10.10.30.221 TNS 141 Response, Data (6), Return OPI Parameter
    156 32.382984 10.10.10.7 10.10.30.221 TCP 141 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3371 Ack=3383 Win=50568 Len=85
    157 32.390020 10.10.30.221 10.10.10.7 TNS 115 Request, Data (6), User OCI Functions
    158 32.409583 10.10.10.7 10.10.30.221 TNS 154 Response, Data (6), Row Transfer Header
    159 32.409591 10.10.10.7 10.10.30.221 TCP 154 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3456 Ack=3442 Win=50568 Len=98
    160 32.414279 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    161 32.416087 10.10.10.7 10.10.30.221 TNS 67 Response, Data (6), Function Complete
    162 32.416088 10.10.10.7 10.10.30.221 TCP 67 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3554 Ack=3457 Win=50568 Len=11
    163 32.420544 10.10.30.221 10.10.10.7 TNS 69 Request, Data (6), User OCI Functions
    164 32.422444 10.10.10.7 10.10.30.221 TNS 67 Response, Data (6), Function Complete
    165 32.422445 10.10.10.7 10.10.30.221 TCP 67 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3565 Ack=3470 Win=50568 Len=11
    175 32.598644 10.10.30.221 10.10.10.7 TNS 213 Request, Data (6), User OCI Functions
    176 32.600596 10.10.10.7 10.10.30.221 TNS 127 Response, Data (6), Sending I/O Vec only for fast UPI
    177 32.600606 10.10.10.7 10.10.30.221 TCP 127 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3576 Ack=3627 Win=52920 Len=71
    178 32.621120 10.10.30.221 10.10.10.7 TNS 69 Request, Data (6), User OCI Functions
    179 32.622968 10.10.10.7 10.10.30.221 TNS 67 Response, Data (6), Function Complete
    180 32.622975 10.10.10.7 10.10.30.221 TCP 67 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3647 Ack=3640 Win=52920 Len=11
    181 32.634926 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    182 32.636825 10.10.10.7 10.10.30.221 TNS 70 Response, Data (6), Return OPI Parameter
    183 32.636833 10.10.10.7 10.10.30.221 TCP 70 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3658 Ack=3655 Win=52920 Len=14
    184 32.647327 10.10.30.221 10.10.10.7 TNS 854 Request, Data (6), User OCI Functions
    185 32.649592 10.10.10.7 10.10.30.221 TNS 106 Response, Data (6), Return OPI Parameter
    186 32.649594 10.10.10.7 10.10.30.221 TCP 106 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3672 Ack=4453 Win=55272 Len=50
    187 32.653765 10.10.30.221 10.10.10.7 TNS 78 Request, Data (6), User OCI Functions
    188 32.656027 10.10.10.7 10.10.30.221 TNS 478 Response, Data (6), Return OPI Parameter
    189 32.656028 10.10.10.7 10.10.30.221 TCP 478 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=3722 Ack=4475 Win=55272 Len=422
    190 32.664404 10.10.30.221 10.10.10.7 TNS 250 Request, Data (6), User OCI Functions
    191 32.666697 10.10.10.7 10.10.30.221 TNS 203 Response, Data (6), Row Transfer Header
    192 32.666699 10.10.10.7 10.10.30.221 TCP 203 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=4144 Ack=4669 Win=57624 Len=147
    193 32.696100 10.10.30.221 10.10.10.7 TNS 71 Request, Data (6), User OCI Functions
    194 32.698711 10.10.10.7 10.10.30.221 TNS 70 Response, Data (6), Return OPI Parameter
    195 32.698713 10.10.10.7 10.10.30.221 TCP 70 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=4291 Ack=4684 Win=57624 Len=14
    197 32.711228 10.10.30.221 10.10.10.7 TCP 1516 49183 → 1521 [ACK] Seq=4684 Ack=4305 Win=33419 Len=1460 [TCP segment of a reassembled PDU]
    198 32.711235 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
    199 32.711277 10.10.30.221 10.10.10.7 TNS 1516 Request, Data (6), User OCI Functions [TCP segment of a reassembled PDU]
    200 32.711282 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
    201 32.711283 10.10.30.221 10.10.10.7 TNS 1516 Request, Data (6), External Procedures and Services Registrations [TCP segment of a reassembled PDU]
    202 32.711285 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
    203 32.954718 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    204 32.954729 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    205 33.210727 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    206 33.210736 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    207 33.715218 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    208 33.715225 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    209 34.739243 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    210 34.739256 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    211 36.787353 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    212 36.787362 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    213 40.819201 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    214 40.819211 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    215 49.203231 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    216 49.203240 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    217 65.587223 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
    218 65.587237 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
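
Added example, not part of the original thread: a small Python parser for Wireshark text exports in the column layout posted above (No., Time, Source, Destination, Protocol, Length, Info). It pairs each ICMP "Fragmentation needed" message with the frame that drew it and counts the peer's later retransmissions; the function name is chosen here for illustration, and SAMPLE is an excerpt (frames 195 to 204) of the capture above.

```python
import re

# Excerpt of the capture posted above (frames 195-204), embedded so the script runs offline.
SAMPLE = """\
195 32.698713 10.10.10.7 10.10.30.221 TCP 70 [TCP Retransmission] 1521 → 49183 [PSH, ACK] Seq=4291 Ack=4684 Win=57624 Len=14
197 32.711228 10.10.30.221 10.10.10.7 TCP 1516 49183 → 1521 [ACK] Seq=4684 Ack=4305 Win=33419 Len=1460 [TCP segment of a reassembled PDU]
198 32.711235 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
199 32.711277 10.10.30.221 10.10.10.7 TNS 1516 Request, Data (6), User OCI Functions [TCP segment of a reassembled PDU]
200 32.711282 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
201 32.711283 10.10.30.221 10.10.10.7 TNS 1516 Request, Data (6), External Procedures and Services Registrations [TCP segment of a reassembled PDU]
202 32.711285 10.10.30.254 10.10.30.221 ICMP 592 Destination unreachable (Fragmentation needed)
203 32.954718 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
204 32.954729 10.10.10.7 10.10.30.221 TNS 70 [TCP Spurious Retransmission] Response, Data (6), Return OPI Parameter
"""

# Columns: frame no, time, source, destination, protocol, frame length, info
LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def find_frag_needed_flows(text):
    """Return {(sender, peer): stats} for flows whose frames drew ICMP 'Fragmentation needed'."""
    last_sent = {}   # host -> (peer, frame length, frame no) of its latest non-ICMP frame
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # skip headers and blank lines
        no, _ts, src, dst, proto, length, info = m.groups()
        if proto == "ICMP":
            # The ICMP error is addressed to the host whose frame was too large.
            if "Fragmentation needed" in info and dst in last_sent:
                peer, flen, fno = last_sent[dst]
                flow = flows.setdefault((dst, peer), {
                    "router": src, "rejected_frames": [],
                    "max_frame_len": 0, "peer_retransmissions": 0})
                flow["rejected_frames"].append(fno)
                flow["max_frame_len"] = max(flow["max_frame_len"], flen)
            continue
        last_sent[src] = (dst, int(length), int(no))
        # After a rejection, count retransmissions coming back from the peer.
        flow = flows.get((dst, src))
        if flow and "Retransmission" in info:
            flow["peer_retransmissions"] += 1
    return flows

if __name__ == "__main__":
    for (sender, peer), stats in find_frag_needed_flows(SAMPLE).items():
        print(sender, "->", peer, stats)
```
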