DMZ route issue

Unanswered Question
Sep 30th, 2009

Hi,

In our network we planned to use a PIX with two WAN subnets to NAT the inside hosts to the outside and DMZ, like:

outside : XX.90.225.X /27

inside :10.100.21.X /24

DMZ : XX.137.1.X /27

Now all inside hosts will NAT according to the static NAT which we deployed, for example:

Static (inside,outside) tcp XX.90.225.X80 10.102.21.10 80

Static (inside,DMZ) tcp XX.137.1.X 80 10.102.21.50 80

When we deployed, we pointed the default routes for outside and DMZ to the next-hop BGP router before connecting to the networks, and the command was accepted.

After connecting to the network, I see there is no entry for the DMZ.

If I try to enter route dmz 0.0.0.0 0.0.0.0 XX.137.1.22, it says error cannot make route entry conflict with existing route.

How can I achieve the NAT with the two subnets? Kindly suggest.

platinum_jem Wed, 09/30/2009 - 18:43

You cannot have 2 Default routes going to 2 different places.

You must either choose to have it default routed out via Outside or DMZ, but not both.

Normally you configure your default route for going to the Internet (or outside), and you will specify specific subnets that you want to go via the DMZ path.
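
An added example, not part of the original post and not the PIX's own logic: a simplified Python model of the behaviour described in the reply above, where a second default route on another interface is rejected and traffic picks its egress interface by longest-prefix match. The interface names follow the thread; every address (203.0.113.1, 198.51.100.22, 192.0.2.0/24) is a constructed documentation value, and the conflict rule is an assumption based on the error quoted in the question.

```python
import ipaddress


class RouteTable:
    """Simplified static route table (assumed model, not vendor code)."""

    def __init__(self):
        self.routes = []  # list of (network, interface, next_hop)

    def add(self, interface, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        for existing, ifc, _ in self.routes:
            # The same destination prefix via a different interface conflicts,
            # which is the case of a second 0.0.0.0/0 on the DMZ.
            if existing == net and ifc != interface:
                raise ValueError(f"route {net} conflicts with existing route on {ifc}")
        self.routes.append((net, interface, str(ipaddress.ip_address(next_hop))))

    def lookup(self, destination):
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None
        # The most specific (longest) prefix wins over the default route.
        _, ifc, hop = max(matches, key=lambda r: r[0].prefixlen)
        return ifc, hop


def build_table():
    table = RouteTable()
    # One default route, towards the Internet (constructed next hop).
    table.add("outside", "0.0.0.0/0", "203.0.113.1")
    # Only the subnets reached through the DMZ get their own route.
    table.add("dmz", "192.0.2.0/24", "198.51.100.22")
    return table


def second_default_rejected(table):
    try:
        table.add("dmz", "0.0.0.0/0", "198.51.100.22")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    t = build_table()
    print("second default rejected:", second_default_rejected(t))
    for dst in ("8.8.8.8", "192.0.2.10"):
        print(dst, "->", t.lookup(dst))
```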

vinoth.kumar Thu, 10/01/2009 - 00:46

Thanks for your reply.

In our current setup, all NAT is done by a router, with the config below:

interface FastEthernet0/0
 ip address 10.102.21.3 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address XX.90.225.X80 255.255.255.240 secondary
 ip address XX.137.1.X 80 255.255.255.240
 ip access-group nat_out in
 ip nat outside

ip nat source static tcp XX.90.225.X70 10.102.21.10 80
ip nat source static tcp XX.137.1.180 10.102.21.50 80

and having the default route pointing to XX.137.1.181 for both.

Now we planned to deploy the same setup. How can I achieve this? Is it possible with a PIX?
