First I would enable "logging buffer error" and check "sh log" from time to time. The real help would be the sniffer here. If you could install sniffer on the outside and inside of the PIX and capture DNS packets, that would be something that will probably give you an answer where the problem is.
I had one issue another day where PIX was dropping SYN ACK packets, and there only way we found the problem is using the sniffer (SYN packet was apparently bypassing the PIX, when everybody swore that it could not). -- Lidiya White -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Justin C Sent: Wednesday, April 03, 2002 3:20 PM To: [EMAIL PROTECTED] Subject: DNS and Pix ... very wierd problem [7:40387] Group, The Pix 501 is running the default NAT/PAT configuration. Through it, I can check email using Outlook to talk to an Exchange Server, telnet and SSH to devices, and browse the web provided I type in the ip address of the web server. All requests for URL translation by a DNS server fail. The IP configuration (addresses, gateways, DNS servers) are correct. The Pix is direct to the cloud with only one PC behind it. Using Debug Packet, I have confirmed that requests for DNS translations go out and come back to the Pix (on the outside interface), but they do not seem to make it back to the host that originated the request. The code is 6.1(1), and I have contacted TAC. With SSH, TAC has inspected the box and cannot see a problem with the configuration. Nor can they explain why this is occuring. Before sending it back to Cisco for a replacement, I thought I would ask here to see if anyone has run across this. There are no access-lists or conduit statements, but Cisco (the Pix literature) and Cisco Press (Cisco Secure PIX Firewalls) say that they are unnecessary for this very simple setup. My thanks in advance for your time and input. Regards, Justin _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40404&t=40387 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]