Solved

Problem with cisco PIX 501 when using domain name to access port instead of IP

Posted on 2007-11-30
3
243 Views
Last Modified: 2012-05-05
Hi Experts!

I have a Pix 501 firewall wich is currently allowing access to my mail server on ports 25 and 110 using NAT and Static Routes. The IP that "ties" the firewall with the server is the IP configured in the outside interface of the router (200.100.100.100). The internal server's ip is 10.0.1.1.

What works:

1. I can PING the 200.100.100.100 ip addres from any outside network with no problem, I get replies.
2. The IP is mapped through DNS to name mail.myserver.com. I can PING mail.myserver.com and get a reply from the IP with no problem.
2. I can telnet 200.100.100.100 on ports 25 and 100 and I can connect with no problem.

What does not work:

1. If I try to telnet de domain instead of the IP, for example telnet mail.myserver.com 25   or telnet mail.myserver.com 110 it takes a LOT of time to connect, sometimes it times out.
2. Because of this, mail clients return errors and do not download or send mail.


Question: Why would connecting through the domain name takes so long even if I can ping the domain name getting decent reply times, and I can connect to the ports with the ip address real quickly?

I tried removing the fixup for port 25, but same thing happens.

thanks a lot!!
0
Comment
Question by:glopezz
3 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 20386631
You state that this works:

I can telnet 200.100.100.100 on ports 25 and 100 and I can connect with no problem.

and this doesn't:

If I try to telnet de domain instead of the IP, for example telnet mail.myserver.com 25   or telnet mail.myserver.com 110 it takes a LOT of time to connect, sometimes it times out.

The only difference between those two functions is DNS name resolution, which is being used in the one that doesn't work.  To verify that it is a DNS resolution issue, have you tried putting an entry for mail.myserver.com into an external client's local "hosts" file so that the name resolution occurs locally and then trying your telnet test to the FQDN?
0
 
LVL 4

Expert Comment

by:mdefalco
ID: 20386914
good idea batry boy. i was thinking it was the dns config also. run a traceroute to the domain name also and see where it goes. it will time each hop, so you can see where the delay is.

jim
0
 

Author Closing Comment

by:glopezz
ID: 31412066
Thanks Guys, it was a name resolution problem.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question