02-01-2012 05:20 PM - edited 03-04-2019 03:06 PM
I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.
02-01-2012 08:36 PM
shanemcanuff wrote:
I have change my NAT rule on my ASA to a diffrent public IP address, when I try to access the server from the internet it takes about a hour to reply. Can someone tell me why when I change the public IP in my NAT rule it takes that long to start replying.
How are you accessing the server from the Internet?
If you're hitting a hostname, it takes most DNS records an hour to expire if they're cached - so you could be hitting a DNS delay.
When you change your IP address and it takes so long to reply, what happens if you nslookup/dig the hostname from the Internet? Do you get the new or the old IP address back?
If you manage your own DNS, you can drop the expiry periods to 5 minutes or something to minimise the outage time - but you'll still run into some delay in propogation of DNS records.
Cheers
02-01-2012 09:27 PM
The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.
02-02-2012 02:42 PM
shanemcanuff wrote:
The public IP I change it to was taken from a server that had it, the DNS is still the same. I just remove the server and use that public IP in the NAT rule. I can't even ping the IP address after the change but I can ping other public NAT IP.
Are you also changing the IP address used in your security rules relating to PING, web access etc etc from outside?
When you changed the IP address int he NAT rule, did you clear the existing translations which point to the old IP address?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide