PIX-6-110001: No route to 10.1.1.12 from 10.2.2.29

Feb 28th, 2008

I have a 525 running 6.3 setup with 3 interfaces. Inside, branch, and dmz.

The ip address range of my Head Office is 10.1.0.0 255.255.0.0 and my branch is 10.2.0.0 255.255.0.0.

I have a server in the dmz with an IP address of 10.1.1.12.

The firewall has had a static translation rule for a long time that I cannot remove.

Here is an excerpt from my config:


nameif ethernet0 inside security100

nameif ethernet1 dmz security75

nameif ethernet2 branch security80


static (inside,branch) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0


I believe when users come from the branch office to the server in the dmz, the static translation rule takes effect and the packet tries to go out the inside interface instead of the dmz interface. This causes the no route error I am seeing in my syslogs.

I need to figure out a way to fix this without getting rid of my current static translation or changing the IPs of the dmz subnet.


Any suggestions? Thank you

cdusio Thu, 02/28/2008 - 17:00

That statement basically says that anyone from the branch will be presented with the 10.1.0.0 address space. What is the address of the DMZ interface?
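
An added example, not part of the original thread: a small Python audit that flags hosts whose address falls inside the mapped range of a static bound to a different interface, which is the overlap the question describes. The config lines are the ones quoted in the question; the host-to-interface map and the function names are assumptions made for this example.

```python
import ipaddress
import re

# PIX 6.3 form: static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask] ...
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)(?:\s+netmask\s+(\S+))?")

def parse_statics(config):
    """Return (real_ifc, mapped_ifc, mapped_network) for each address static."""
    statics = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_ifc, mapped_ifc, mapped_ip, _real_ip, mask = m.groups()
        try:
            # A static without "netmask" is treated here as a host entry.
            net = ipaddress.ip_network(
                f"{mapped_ip}/{mask or '255.255.255.255'}", strict=False)
        except ValueError:
            continue  # port-redirect or "interface" statics are out of scope
        statics.append((real_ifc, mapped_ifc, net))
    return statics

def find_shadowed_hosts(config, hosts):
    """hosts maps an IP to the interface the host is really attached to."""
    findings = []
    for real_ifc, mapped_ifc, net in parse_statics(config):
        for ip, actual_ifc in hosts.items():
            if ipaddress.ip_address(ip) in net and actual_ifc != real_ifc:
                findings.append((ip, actual_ifc, real_ifc, mapped_ifc, str(net)))
    return findings

# Config lines quoted in the question.
CONFIG = """\
nameif ethernet0 inside security100
nameif ethernet1 dmz security75
nameif ethernet2 branch security80
static (inside,branch) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0
"""
# Assumed inventory: the one server the question places in the dmz.
HOSTS = {"10.1.1.12": "dmz"}

if __name__ == "__main__":
    for ip, actual, real_ifc, mapped_ifc, net in find_shadowed_hosts(CONFIG, HOSTS):
        print(f"{ip} is on {actual}, but traffic arriving on {mapped_ifc} "
              f"matches static range {net}, which points at {real_ifc}")
```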


