cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
787
Views
0
Helpful
3
Replies

Change IP in NAT rule

shanemcanuff
Level 1
Level 1

I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.

3 Replies 3

darren.g
Level 5
Level 5

shanemcanuff wrote:

I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.

How are you accessing the server from the Internet?

If you're hitting a hostname, it takes most DNS records an hour to expire if they're cached - so you could be hitting a DNS delay.

When you change your IP address and it takes so long to reply, what happens if you nslookup/dig the hostname from the Internet? Do you get the new or the old IP address back?

If you manage your own DNS, you can drop the expiry periods to 5 minutes or something to minimise the outage time - but you'll still run into some delay in propogation of DNS records.

Cheers

The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.

shanemcanuff wrote:

The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.

Are you also changing the IP address used in your security rules relating to PING, web access etc etc from outside?

When you changed the IP address int he NAT rule, did you clear the existing translations which point to the old IP address?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco