alias command on PIX (cont'd)

r-lemaster · ‎10-21-2003

Ok, so the alias command was working for about 40 minutes, now it doesn't work anymore. I haven't made any changes.

Now when I ping the FQDN, it times out, and when I try to access the site via browser using FQDN, I get a DNS error. Rebooting the PC and reloading the PIX worked once, but not anymore.

Anyone seen this before?

nkhawaja · ‎10-21-2003

If nothing has changed then it is a wonder why alias command is not working. Would you please confirm with nslookup, what and where is your default DNS server? and what IP address is it giving you for that FQDN.

Thanks

Nadeem

r-lemaster · ‎10-21-2003

My DNS server is outside my LAN on our ISP's LAN.

When I ping http://www.mysite.net, it will sometimes return with the internal IP address. Now, sometimes it works, sometimes it doesn't. Here's an example of it worked for the first ping and then not for each sucessive ping:

C:\>ping http://www.mysite.net

Pinging mysite.net [192.168.1.10] with 32 bytes of data:

Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

Request timed out.

Ping statistics for 192.168.1.10:

Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

The server is up and running fine. I get a couple of connections a day, hardly enough to choke it.

Just now, I was able to navigate the site just fine with my browser using the FQDN. Here's my ping results:

C:\>ping www.mysite.net

Pinging mysite.net [192.168.1.10] with 32 bytes of data:

Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

It's like it works a couple of times and then stops. What's up with that?

nkhawaja · ‎10-21-2003

We need to first segregate it from alias issue.

Can u try to do this test with nslookup. and try to find out the result of www.mysite.net. If it always gives you the private IP address, then it is something else we are facing.

r-lemaster · ‎10-21-2003

Here is the nslookup results:

C:\>nslookup http://www.mysite.net

Server: hudson.concentric.net

Address: 207.155.183.72

Non-authoritative answer:

Name: mysite.net

Address: 192.168.1.10

Aliases: http://www.mysite.net

PS: my domain name isn't really mysite.net. By segregate from the alias issue, does this mean the alias is working and it's something else?

r-lemaster · ‎10-22-2003

I tried using the [DNS] option in the static command (via PDM)like this:

static (inside,outside) tcp interface www 192.168.1.10 www dns

But that didn't work. I think I'm using the command wrong. I can't find a link on CCO that explains the [DNS] option very well. LMK if you know one.

thanks!

nkhawaja · ‎10-22-2003

Hi,

If nslookup is giving you the same address every time, then alias is working as it is suppose to.

We need to check other things.

Thanks

Nadeem

r-lemaster · ‎10-22-2003

Ok, what other things?

nkhawaja · ‎10-22-2003

Is it only happening with this server? Ping by FQDN give intermittent problems? Ping by IP always works?

Thanks

Nadeem

r-lemaster · ‎10-22-2003

Yes. Pinging by FQDN usually works (and shows translation to internal IP), but sometimes doesn't.

Ping by internal IP always works. At least I can't remember a time when it didn't work. Ping via internal IP works even when ping by FQDN doesn't work.

Thanks for hanging in there, Nadeem!

nkhawaja · ‎10-23-2003

Ok, so ocassionaly ping by FQDN doesnot work, but at the same time you said that nslookup always gives out private IP address. These two are conflicting information. And we still can't conclude that alias is malfunctioning. In case this is an alias issue then all I can say is that this is a bug in the code. Try running a different code.

Thanks

Nadeem

r-lemaster · ‎10-24-2003

Ok, maybe my PIX is buggy. This should work, huh? I'll try to download a new copy of the OS. Thanks for your help.