Connections Timed Out Due to Incorrect NAT Server Configuration

Publication Date: 2015-07-02
Issue Description
Network Topology:

Database service





Symptom:

NAT Server was configured on the firewall and the connections from the client to the database server timed out.
Handling Process
Modify the NAT server configuration so that NAT can be implemented for all servers. 
Root Cause
1. The IP address of the client used in the test was 192.168.0.65 and that of the server was 172.29.128.67. The ping from the client to the server succeeded, indicating that the address translation on the firewall and connectivity were normal.

2. The timed-out packets were analyzed and it was found that the TCP connection between the client and server was normal. The server instructed the client to connect to port 1521 of the server at 172.16.95.8.




However, the attempts to connect to port 1521 at 172.16.95.8 failed multiple times. The client sent SYN packets, but the server did not reply. 



The NAT configuration on the firewall was examined and it was found that NAT server applied only to the connection between 172.29.128.67 and 192.168.220.10 and did not apply to the connection to 172.16.95.8. As a result, the communication failed.

nat server zone untrust global 172.29.128.67 inside 192.168.220.10

Summary:
The users needed to communicate with multiple servers, but NAT server was not configured for all servers, causing the failure of the communication between the users and some servers.
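
The check behind this root cause, as an added example (not part of the original case or any vendor tool): it parses `nat server` lines of the single form shown above, finds destinations whose SYNs never got a SYN-ACK, and reports those that no NAT server entry publishes. The packet records are constructed from the addresses in this case, and the port of the first connection is an assumption.

```python
import re
from collections import Counter

# Only the single-line form shown on this page is parsed.
NAT_RE = re.compile(r"^nat server zone (\S+) global (\S+) inside (\S+)\s*$")

def parse_nat_servers(config_text):
    """Return {global_ip: (zone, inside_ip)} for each nat server line."""
    mappings = {}
    for line in config_text.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            zone, global_ip, inside_ip = m.groups()
            mappings[global_ip] = (zone, inside_ip)
    return mappings

def unanswered_syns(packets):
    """Count client SYNs per (dst, dport) that never received a SYN-ACK."""
    answered = {(p["src"], p["sport"]) for p in packets if p["flags"] == "SA"}
    missed = Counter()
    for p in packets:
        if p["flags"] == "S" and (p["dst"], p["dport"]) not in answered:
            missed[(p["dst"], p["dport"])] += 1
    return missed

def find_unmapped_targets(config_text, packets):
    """Destinations with unanswered SYNs that no nat server entry publishes."""
    mappings = parse_nat_servers(config_text)
    return sorted(
        (dst, dport, count)
        for (dst, dport), count in unanswered_syns(packets).items()
        if dst not in mappings
    )

# Constructed sample data; the first connection's port (1521) is an assumption.
CONFIG = "nat server zone untrust global 172.29.128.67 inside 192.168.220.10\n"
CLIENT = "192.168.0.65"
PACKETS = [
    {"src": CLIENT, "sport": 50001, "dst": "172.29.128.67", "dport": 1521, "flags": "S"},
    {"src": "172.29.128.67", "sport": 1521, "dst": CLIENT, "dport": 50001, "flags": "SA"},
    {"src": CLIENT, "sport": 50002, "dst": "172.16.95.8", "dport": 1521, "flags": "S"},
    {"src": CLIENT, "sport": 50002, "dst": "172.16.95.8", "dport": 1521, "flags": "S"},
    {"src": CLIENT, "sport": 50002, "dst": "172.16.95.8", "dport": 1521, "flags": "S"},
]

if __name__ == "__main__":
    for dst, dport, count in find_unmapped_targets(CONFIG, PACKETS):
        print(f"{dst}:{dport} - {count} unanswered SYN(s), no nat server entry")
```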
