I have a 525 running 6.3, set up with 3 interfaces: inside, branch, and dmz.
The IP address range of my Head Office is 10.1.0.0 255.255.0.0 and my branch is 10.2.0.0 255.255.0.0.
I have a server in the dmz with an IP address of 10.1.1.12.
The firewall has had a static translation rule for a long time that I cannot remove.
Here is an excerpt from my config:
nameif ethernet0 inside security100
nameif ethernet1 dmz security75
nameif ethernet2 branch security80
static (inside,branch) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0
I believe when users come from the branch office to the server in the dmz, the static translation rule takes effect and the packet tries to go out the inside interface instead of the dmz interface. This causes the no route error I am seeing in my syslogs.
I need to figure out a way to fix this without getting rid of my current static translation or changing the IPs of the dmz subnet.
Any suggestions? Thank you
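
An added example, not part of the original post: a small audit check that parses the `static` lines quoted above and reports any host whose address falls inside a static's range while sitting on a different interface than the one the static names. The `HOSTS` placement table and the function names are assumptions made for illustration; the check only reports the address overlap and does not model how the firewall selects an egress interface.

```python
import ipaddress
import re

# Config lines quoted in the post above.
CONFIG = """\
nameif ethernet0 inside security100
nameif ethernet1 dmz security75
nameif ethernet2 branch security80
static (inside,branch) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0
"""

# Assumption: host placement taken from the post's description
# (the server 10.1.1.12 lives on the dmz interface).
HOSTS = {"10.1.1.12": "dmz"}

# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")


def parse_statics(config):
    """Return (real_ifc, mapped_ifc, mapped_net, real_net) per static line."""
    statics = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # statics without an explicit netmask are not handled here
        real_ifc, mapped_ifc, mapped_ip, real_ip, mask = m.groups()
        mapped = ipaddress.ip_network(f"{mapped_ip}/{mask}")
        real = ipaddress.ip_network(f"{real_ip}/{mask}")
        statics.append((real_ifc, mapped_ifc, mapped, real))
    return statics


def find_conflicts(config, hosts):
    """List hosts covered by a static's range but attached to another interface."""
    conflicts = []
    for real_ifc, mapped_ifc, mapped, _real in parse_statics(config):
        for addr, ifc in hosts.items():
            if ipaddress.ip_address(addr) in mapped and ifc != real_ifc:
                conflicts.append((addr, ifc, real_ifc, mapped_ifc, str(mapped)))
    return conflicts


if __name__ == "__main__":
    for addr, ifc, real_ifc, mapped_ifc, net in find_conflicts(CONFIG, HOSTS):
        print(f"{addr} is on {ifc} but static ({real_ifc},{mapped_ifc}) covers {net}")
```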