No config change but now they can't get in

[Zelandakh]

2 year old Pix 515R. Single outside interface, single inside interface. No config changes for ages and even then it was only minor.

Not using access lists so it is all conduit based!

I can surf happily. No one can come in to my web server but could a few weeks ago.
I can nslookup correctly and then telnet to an external mail server on port 25.
Our mail server can nslookup correctly but CANNOT telnet to mail server or send mail out.
Email cannot come in.

Our syslog server naturally went pear shaped recently (unrelated) so there are no logs at the moment.

What can I look at?

 

[Zelandakh]

Internal proxy server set to firewall with:

nat (inside) 1 <internal ip> 255.255.255.255 2000 1000

Maybe that is a problem? But it was all working fine until recently...

 

[themut]

You are not giving us enough info to try to help you out. Look at the FAQ for safe posting and try to post your running configuration (wr t). Issue the command &quot;show local-host <web-server-ip>&quot; and try to determine if a translation exists for the web server's public IP address.

 

[Zelandakh]

ok, so we've narrowed it down!

Have done loads of checking and the config is fine. A reboot command doesn't make a difference but powering off for 30 seconds seems to have cured the problem (touch wood). Flash problem?