Harry,

You were correct. It was indeed a blocked DNS request.
I have opened up the DNS port and there are no more delays.

Thanks for the help!

Michael

On Fri, Jul 20, 2012 at 11:52 AM, Harry Reynolds <[email protected]> wrote:
> Perhaps a reverse dns lookup that fails, thereby delaying prompt? Maybe add
> a dns term to see if that helps. The DNS query likely goes off subnet.
>
> HTHs
>
> Regards
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Michael Phung
> Sent: Friday, July 20, 2012 11:36 AM
> To: [email protected]
> Subject: [j-nsp] MX5 firewall filter behaviour
>
> Hey Guys,
>
> Got a weird scenario which has me baffled,
>
> I have MX5 with several irbs. These irbs are protected with filters to permit
> only specific IPs through to manage the servers within. For the most part the
> filters are doing its job, but there is a behaviour where when the filters
> are put in place, SSH'ing from within the subnet, there is a long 30-45 sec
> pause before the password prompt comes up, whereas when I remove the filter,
> password prompt comes up instantly. Since all the servers are on the same
> subnet, why would making changes to the gateway affect this connectivity? It
> shouldn't even hit the router. Am I missing something?
>
> Below are the configs;
>
> unit 300 {
>     description "management network";
>     family inet {
>         filter {
>             output mgmt-in;
>         }
>         address 10.1.1.2/28 {
>             vrrp-group 0 {
>                 virtual-address 10.1.1.1;
>                 accept-data;
>             }
>         }
>     }
> }
>
>
> filter mgmt-in {
>     term tcp-established {
>         from {
>             protocol tcp;
>             tcp-established;
>         }
>         then accept;
>     }
>     term full-access {
>         from {
>             source-address {
>                 192.168.1.50/32;
>             }
>         }
>         then accept;
>     }
>     term reject-all {
>         then {
>             reject;
>         }
>     }
> }
>
>
> Looking to see if anyone has any suggestions.
>
> Thanks,
> Michael
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
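
The behaviour diagnosed in this thread, as an added example that is not part of the original messages: a small Python model of first-match term evaluation for the mgmt-in filter, showing that a routed UDP DNS reply falls through to reject-all while TCP return traffic is accepted. The resolver address 192.0.2.53 and the dns-replies term are assumptions; the thread does not show the resolver or the exact term Michael added.

```python
# Added example: minimal model of Junos first-match firewall filter evaluation.
from ipaddress import ip_address, ip_network

RESOLVER = "192.0.2.53/32"  # constructed placeholder; the thread names no resolver

# Terms of the thread's mgmt-in filter, in configured order.
MGMT_IN = [
    ("tcp-established", {"protocol": "tcp", "tcp_established": True}, "accept"),
    ("full-access", {"source": ["192.168.1.50/32"]}, "accept"),
    ("reject-all", {}, "reject"),
]

# Hypothetical term: UDP replies sourced from the resolver's port 53.
DNS_TERM = ("dns-replies",
            {"protocol": "udp", "source": [RESOLVER], "source_port": 53}, "accept")


def term_matches(cond, pkt):
    """Every condition in a term must match; listed source prefixes are ORed."""
    if "protocol" in cond and pkt["protocol"] != cond["protocol"]:
        return False
    # tcp-established matches TCP segments with ACK or RST set.
    if cond.get("tcp_established") and not (pkt.get("flags", set()) & {"ack", "rst"}):
        return False
    if "source" in cond and not any(
            ip_address(pkt["src"]) in ip_network(p) for p in cond["source"]):
        return False
    if "source_port" in cond and pkt.get("sport") != cond["source_port"]:
        return False
    return True


def evaluate(terms, pkt):
    """Return (term name, action) for the first term that matches the packet."""
    for name, cond, action in terms:
        if term_matches(cond, pkt):
            return name, action
    return "implicit", "discard"  # Junos discards when no term matches


def with_dns_term(terms):
    """Place the DNS term ahead of the final reject-all term."""
    return terms[:-1] + [DNS_TERM, terms[-1]]


# Constructed packets routed out the irb toward a management server.
DNS_REPLY = {"protocol": "udp", "src": "192.0.2.53", "sport": 53}
SSH_ACK = {"protocol": "tcp", "src": "192.168.1.50", "flags": {"ack"}}

if __name__ == "__main__":
    for label, terms in (("original", MGMT_IN), ("with dns term", with_dns_term(MGMT_IN))):
        print(label, evaluate(terms, DNS_REPLY), evaluate(terms, SSH_ACK))
```

Same-subnet SSH traffic is bridged and never reaches this output filter; only the routed DNS reply does, so the server waits out its resolver timeout before presenting the password prompt.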

