Question : SQL database issues over ipsec site to site tunnel on Juniper SSG520

I have two sites that have Juniper SSG520's installed with a site to site ipsec tunnel running. The firmware version of the SSG's is 6.1.0r2.0. All other connections are working perject (i.e. Outlook, Fileshares, Internally hosted webservers, RDP access to other headquaters servers and so forth). The only problems I'm seeing is when developers are trying to run a sql query to a database server. These queries are very small in size and should run for around an hour to complete the query. When users initiate the queries now, it hanges and gives an error of "ORA-03106: fatal two-task communication protocol error". It is also important to know that before we switched over to juniper equipment, we were using Microsoft ISA for our site to site tunnel. When this was in production everything was working fine and we had no complaints. The only thing that changed in our network is the juniper devices, bandwidth has remained a constant. I have opened up all ports to allow testing (it's site to site anyway) and the problem still remains. Please provide enlightenment here.

Answer : SQL database issues over ipsec site to site tunnel on Juniper SSG520

Do you ask why the question runs long, or why the long running question's connection fails after a while? The latter has been answered - the session entry for the port just times out. That is an failback mechanism in ScreenOS (and other firewalls) to free up needed resources which might else be tied to connections already terminated, but the closing flags have been lost. One example is described at http://www.dbforums.com/oracle/1632094-keep-alive-sqlnet-ora.html. The SQLNET.EXPIRE_TIME parameter described here is the only one I know of which will send kind of keep-alive with SQL*Net.