PIX-6-110001: No route to from

Unanswered Question
Feb 28th, 2008
User Badges:

I have a 525 running 6.3 setup with 3 interfaces. Inside, branch, and dmz.

The ip address range of my Head Office is and my branch is

I have a server in the dmz with an IP address of

The firewall has had a static translation rule for a long time that I cannot remove.

Here is a exerpt from my config

nameif ethernet0 inside security100

nameif ethernet1 dmz security75

nameif ethernet2 branch security80

static (inside,branch) netmask 0 0

I believe when users come from the branch office to the server in the dmz,

the static translation rule takes effect and the packet tries to go out the inside interface instead of the dmz interface. This causes the no route error I am seeing in my syslogs.

I need to figure out a way to fix this without getting rid of my current static translation or changing the ip's of the dmz subnet

Any suggestions? Thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cdusio Thu, 02/28/2008 - 17:00
User Badges:
  • Bronze, 100 points or more

that statement basically says that anyone from the branch will be presented with address space. What is the address of the DMZ interface?


This Discussion