Tracert going to the wrong place

Posted on 2008-11-10
Last Modified: 2012-05-05
We added a new Exchange email server to our network, and for the time being it is running alongside the old server. Internally I have no problems accessing both, through Outlook or Webmail.

However from the outside I can't seem to get to the new server. I have an ASA5510 which I have set up with the proper ACL and NAT info, (translations for the public IP 71.x.x.202 to internal 192.x.x.250 for ports 110, 25 and 80) but when I try to reach the new server via webmail it does not even seem to be connecting to the ASA, as nothing shows up on the log.

So I ran a tracert for the public IP address of the new server (which has MX and A records set up for the new email server) but for some reason the tracert ends up going to the public IP of the old email server and then stops there.

Any ideas as to why it's going to the old server IP?

The MX info is set up as follows:

10 71.x.x.205
20 71.x.x.202

Question by:cfgchiran
    LVL 31

    Expert Comment

    Assuming you have your DNS set up correctly, you might try waiting a little bit for DNS replication - if it is your own then wait half an hour or so (usually 15 mins is okay), if public maybe up to a day - your DNS provider could tell you how often they actually replicate.

    You can also try ipconfig /flushdns followed by ipconfig /registerdns and see if that helps.  Try the registerdns option on the server as well.

    When checking your DNS, make sure to check both your forward and reverse lookup zones...  If you are able to, try accessing from the local server, from the dns server, as well as your client.
    LVL 1

    Author Comment

    Thank you for the response.

    While we have internal DNS servers, the public information is provided by our service provider. The MS info was set up last week, so it's been more than the 72 hours they said it could take for the DNS to propagate.

    Internally the server is set up to point to the local DNS servers, since it sits behind the ASA firewall. I am assuming the issue is with public DNS settings since when I try to use a browser to connect to 71.x.x.202 nothing shows up on my ASA. So it does not look like it's even making it that far.

    When I do a reverse DNS for my old email server's IP 71.x.x.205, it reverses to, but when I do it for the new IP, it reverses to

    So is this simply an issue of the reverse DNS not being set up?
    LVL 2

    Expert Comment

    1. I'm not sure how the ASA works, but sometimes there is a problem with multiple IP addresses on the public interfaces of a firewall that provides source NAT to the first IP address. I faced it on NetScreen, but will demonstrate on Linux:
    eth0 =  is NATed to  
    eth0:0 = is NATed to
    eth1 is, which is default gw
    If Masquerade is performed on the public interface, then the whole network is source NATed to If any router on the way prohibits different flows back and forth, then I can't reach the other IP address apart from the one that SNAT or Masquerade is performed to.
    So, what actually might happen?

    I send a TCP packet to port 25 on, which is NATed to If SMTP runs there, it sends the packet back through the default gw. If the packet leaves the firewall and masquerade is performed, then it gets the source address not, but, which could be a problem for certain TCP/IP implementations.
    LVL 1

    Accepted Solution

    None of the solutions presented worked. However it really did not become an issue for me once the PTR was set. All the traffic flows ok.
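
The forward and reverse lookup check suggested in the first expert comment, written out as an added example (not part of the original thread): for each MX target it confirms that the A record exists, that each address has a PTR, and that the PTR name resolves back to the same address. The hostnames and 203.0.113.x addresses are constructed sample data, and `check_mx`, `system_forward` and `system_reverse` are names chosen here.

```python
import ipaddress
import socket

def system_forward(name):
    """A lookup through the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_reverse(ip):
    """PTR lookup through the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_mx(mx_records, forward=system_forward, reverse=system_reverse):
    """mx_records: list of (preference, target). Returns [(target, problem)]."""
    findings = []
    for _pref, target in sorted(mx_records):
        try:
            ipaddress.ip_address(target)
            findings.append((target, "MX target is an IP literal, not a hostname"))
            continue
        except ValueError:
            pass  # target is a name, as an MX record requires
        addrs = forward(target)
        if not addrs:
            findings.append((target, "no A record"))
        for ip in sorted(addrs):
            ptr = reverse(ip)
            if ptr is None:
                findings.append((target, f"{ip} has no PTR"))
            elif ip not in forward(ptr):
                findings.append((target, f"PTR {ptr} for {ip} does not resolve back"))
    return findings

# Constructed sample zone data (documentation addresses, not the poster's).
SAMPLE_A = {"mail-old.example.com": {"203.0.113.205"},
            "mail-new.example.com": {"203.0.113.202"}}
SAMPLE_PTR = {"203.0.113.205": "mail-old.example.com"}  # new server's PTR missing
SAMPLE_MX = [(10, "mail-old.example.com"), (20, "mail-new.example.com")]

def run_sample():
    return check_mx(SAMPLE_MX, lambda n: SAMPLE_A.get(n, set()), SAMPLE_PTR.get)

if __name__ == "__main__":
    print(run_sample())
```

Calling `check_mx` with only the MX list uses the system resolver instead of the sample dictionaries.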
