×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

alias command on PIX (cont'd)

Unanswered Question
Oct 21st, 2003
User Badges:

Ok, so the alias command was working for about 40 minutes, now it doesn't work anymore. I haven't made any changes.


Now when I ping the FQDN, it times out, and when I try to access the site via browser using FQDN, I get a DNS error. Rebooting the PC and reloading the PIX worked once, but not anymore.


Anyone seen this before?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
nkhawaja Tue, 10/21/2003 - 19:49
User Badges:
  • Cisco Employee,

If nothing has changed then it is a wonder why alias command is not working. Would you please confirm with nslookup, what and where is your default DNS server? and what IP address is it giving you for that FQDN.


Thanks

Nadeem

r-lemaster Tue, 10/21/2003 - 21:52
User Badges:

My DNS server is outside my LAN on our ISP's LAN.


When I ping http://www.mysite.net, it will sometimes return with the internal IP address. Now, sometimes it works, sometimes it doesn't. Here's an example of it worked for the first ping and then not for each sucessive ping:


C:\>ping http://www.mysite.net


Pinging mysite.net [192.168.1.10] with 32 bytes of data:


Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

Request timed out.

Request timed out.

Request timed out.


Ping statistics for 192.168.1.10:

Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


The server is up and running fine. I get a couple of connections a day, hardly enough to choke it.


Just now, I was able to navigate the site just fine with my browser using the FQDN. Here's my ping results:


C:\>ping www.mysite.net


Pinging mysite.net [192.168.1.10] with 32 bytes of data:


Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

Reply from 192.168.1.10: bytes=32 time<1ms TTL=128


It's like it works a couple of times and then stops. What's up with that?

nkhawaja Tue, 10/21/2003 - 21:58
User Badges:
  • Cisco Employee,

We need to first segregate it from alias issue.

Can u try to do this test with nslookup. and try to find out the result of www.mysite.net. If it always gives you the private IP address, then it is something else we are facing.



r-lemaster Tue, 10/21/2003 - 22:16
User Badges:

Here is the nslookup results:


C:\>nslookup http://www.mysite.net

Server: hudson.concentric.net

Address: 207.155.183.72


Non-authoritative answer:

Name: mysite.net

Address: 192.168.1.10

Aliases: http://www.mysite.net


PS: my domain name isn't really mysite.net. By segregate from the alias issue, does this mean the alias is working and it's something else?

r-lemaster Wed, 10/22/2003 - 01:50
User Badges:

I tried using the [DNS] option in the static command (via PDM)like this:


static (inside,outside) tcp interface www 192.168.1.10 www dns


But that didn't work. I think I'm using the command wrong. I can't find a link on CCO that explains the [DNS] option very well. LMK if you know one.


thanks!

nkhawaja Wed, 10/22/2003 - 14:20
User Badges:
  • Cisco Employee,

Hi,


If nslookup is giving you the same address every time, then alias is working as it is suppose to.


We need to check other things.


Thanks

Nadeem

nkhawaja Wed, 10/22/2003 - 21:01
User Badges:
  • Cisco Employee,

Is it only happening with this server? Ping by FQDN give intermittent problems? Ping by IP always works?


Thanks

Nadeem

r-lemaster Wed, 10/22/2003 - 23:51
User Badges:

Yes. Pinging by FQDN usually works (and shows translation to internal IP), but sometimes doesn't.


Ping by internal IP always works. At least I can't remember a time when it didn't work. Ping via internal IP works even when ping by FQDN doesn't work.


Thanks for hanging in there, Nadeem!


nkhawaja Thu, 10/23/2003 - 21:17
User Badges:
  • Cisco Employee,

Ok, so ocassionaly ping by FQDN doesnot work, but at the same time you said that nslookup always gives out private IP address. These two are conflicting information. And we still can't conclude that alias is malfunctioning. In case this is an alias issue then all I can say is that this is a bug in the code. Try running a different code.


Thanks

Nadeem

r-lemaster Fri, 10/24/2003 - 01:02
User Badges:

Ok, maybe my PIX is buggy. This should work, huh? I'll try to download a new copy of the OS. Thanks for your help.

Actions

This Discussion