I am using PIX 515e with outside IP x.x.x.76. I have a mail server put in DMZ, the global IP would be x.x.x.75, all NAT already been configured and it working fine.
After a period of time(2 - 4 weeks), the mail server cannot access to Internet. The DSL line is up since my Inside host can go online. My Inside host can access and ping Mail Server(with DMZ IP, not global ip). All configuration remain unchange. I had no idea what happening and how to solve it.
I tried to change my Outside IP to x.x.x.75 and it works, mail server can send and receive mail as normal. Then i just switch it back to x.x.x.76. I know this is not a correct way coz the problem will comes back.
Just wonder what is the cause on my case? is there any threshold or limit that cause this? or will a long period of silent (no traffic going through DMZ to Inside or Outside) affect this?
The problem come back twice after my first post. i know a bit long time ago, but hope to get your asistant.
My mail server in DMZ cannot access to Internet again. I did the "de ic t", i can see PIX receive the mail server ping request and translate ip from 192.168.1.1 to x.x.x.75. Below is the debug result:
29: ICMP echo-request from dmz:192.168.1.1 to 126.96.36.199 ID=15120 seq=14 length=64
30: ICMP echo-request: translating dmz:192.168.1.1/15120 to outside:x.x.x.75/5
31: ICMP echo-request from dmz:192.168.1.1 to 188.8.131.52 ID=15120 seq=15 length=64
32: ICMP echo-request: translating dmz:192.168.1.1/15120 to outside:x.x.x.75/5
All the inside host can access to Internet. (they are translating to outside int ip x.x.x.76 to route out).
While this happen, i try to disconnect PIX from internet and use my laptop to connect directly to modem to test x.x.x.75 and 76, both IPs is working.
To solve this, i just need to change the PIX outside int ip to x.x.x.75 (some how like trigger the line) and mail server in DMZ can ping out to internet. After that, i change back outside IP to x.x.x.76.
The problem is, is this caused by PIX fail to "global" the x.x.x.75? or ISP side having problem to talk with PIX?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :