DNS

andy · ‎12-27-2007

I recently changed web hosting services. All went well. I can now reach my webpage and email services without a problem anywhere but at my office. If I tried to ping the mail server it hit the wrong address. I found the old DNS entry int the server and removed it. Now it tries to ping the correct address but goes nowhere. I tried manually entering the host(A) entries adn no luck. I don't see anything in the firewall(CISCO PIX 515E) that should be preventing my network from connecting to the proper addresses. I'm stumped. The hosting change occurred last Friday.

husycisco · ‎12-27-2007

Hi Andy

"Now it tries to ping the correct address but goes nowhere. I tried manually entering the host(A) entries adn no luck"

You tried to ping mail.xxx.com, it resolved to correct IP address, but didnt ping right? If yes you dont have to add manually adding host record since name can be resolved to correct IP.

Your mail server might be blocked to ICMP traffic. You better check the smtp port. In command prompt, type the following

telnet mail.xxx.com 25

If you get a blank screen or some text about exchange, that means everything is fine.

Regards

andy · ‎12-27-2007

I went ahead and removed the manual entries again. It still tries to ping the correct address but gets no response. I cannot even ping my offices webpage. When trying to telnet in it gives a connection failed message(tried that earlier btw...just forgot to mention it). I cannot ping the webpage from work either but I can ping it from other connections. I can ping the mail server from other internet connections. I can still access everything from various other connections, even from the same ISP. just not from work. This makes me think that it has to be firewall or server related somehow. The software firewall is not turned on in the server. The only firewall running actively is the PIX 515E. Still stumped. Is there something that I'm missing? Is it about to slap me in the face from being so obvious? Thank you for your response.

jmia · ‎12-28-2007

Hi Andy, can you add the following to your pix on the outside interface and see if you can ping to the addresses in question...

access-list outside_in permit icmp any any echo-reply

access-list outside_in icmp any any unreachable

access-list outside_in icmp any any time-exceeded

access-group outside_in in interface outside

Issue - clear xlate and also save with - write mem

*Change the outside ACL name to fit with your naming convention, i.e. above I have named the outside ACL as 'outside_in'

Let us know,

andy · ‎12-28-2007

All of that information is already there. Going to upload a copy of the terminal. There are some entries for SMTP that I ahve no idea why they're there. They have no relevance to the old or the new web/mail hosting service. The 208.180.x.x addresses are all good. I have no idea what the 68.x.x.x, 206.x.x.x, 68.11.x.x or 63.x.x.x addresses are for. They may have been put in there by my predecessor but they don't appear to have any bearing on anything that we have now.

andy · ‎12-28-2007

I appreciate the responses folks. I now know why I couldn't figure it out. There were no settings in the firewall that caused this issue. The problem did turn out to be quite obvious and should have slapped someone in the face...but not me or any of you. :) I was able to access everything, including the new control panel ath the new web host's site up until the site transfer completed. Then I was denied everything, b ut only from the work IP address. Why?!? Because they had my IP address on their banned list. It has since been removed from the list and productivity restored. Again, thank you for your help. I feel so much less like an idiot now. :)