Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Change IP in NAT rule

I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.

3 REPLIES
Silver

Change IP in NAT rule

shanemcanuff wrote:

I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.

How are you accessing the server from the Internet?

If you're hitting a hostname, it takes most DNS records an hour to expire if they're cached - so you could be hitting a DNS delay.

When you change your IP address and it takes so long to reply, what happens if you nslookup/dig the hostname from the Internet? Do you get the new or the old IP address back?

If you manage your own DNS, you can drop the expiry periods to 5 minutes or something to minimise the outage time - but you'll still run into some delay in propogation of DNS records.

Cheers

New Member

Change IP in NAT rule

The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.

Silver

Change IP in NAT rule

shanemcanuff wrote:

The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.

Are you also changing the IP address used in your security rules relating to PING, web access etc etc from outside?

When you changed the IP address int he NAT rule, did you clear the existing translations which point to the old IP address?

478
Views
0
Helpful
3
Replies