DMZ route issue

Sep 30th, 2009

In our network we planned to use a PIX with two WAN subnets to NAT the inside hosts to the outside and DMZ.


outside : XX.90.225.X /27

inside :10.100.21.X /24

DMZ : XX.137.1.X /27

Now all inside hosts will NAT corresponding to the static NAT which we deployed.

For example:

Static (inside,outside) tcp XX.90.225.X80 80

Static (inside,DMZ) tcp XX.137.1.X 80 80

When we deployed, we routed the default route for outside and DMZ to the next-hop BGP router before connecting to the networks; the command is accepted.

After connecting to the network, when I look there is no entry for DMZ?

If I try to give router dmz XX.137.1.22 it says error cannot make route entry conflict with existing route.

How can I achieve the NAT with the two subnets? Kindly suggest.

platinum_jem Wed, 09/30/2009 - 18:43

You cannot have 2 Default routes going to 2 different places.

You must either choose to have it default routed out via Outside or DMZ, but not both.

Normally you configure your default route for going to the Internet (or outside), and you will specify specific subnets that you want to go via the DMZ path.
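
The routing layout this reply describes, as an added example that is not part of the original thread: one default route on the outside interface and only specific subnets routed through the DMZ interface. The interface name `dmz`, the next-hop addresses and the 192.0.2.0/24 destination are constructed placeholders (RFC 5737 documentation ranges), not values from the poster's network.

```cisco
! Added example. All addresses are constructed placeholders:
!   outside 203.0.113.0/27,  next hop 203.0.113.1
!   dmz     198.51.100.0/27, next hop 198.51.100.1
!
! Conflicting form: a second default route on a different interface.
! The first command is accepted; the second is the one that gets
! rejected as conflicting with the existing route.
!   route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!   route dmz     0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Corrected form: a single default route toward the Internet ...
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! ... and an explicit route for each subnet that must leave via the DMZ
! path (192.0.2.0/24 stands in for such a subnet).
route dmz 192.0.2.0 255.255.255.0 198.51.100.1 1
!
! Confirm that both entries are installed.
show route
```

Any destination not covered by a specific `route dmz` entry follows the default route out the outside interface.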

vinoth.kumar Thu, 10/01/2009 - 00:46

Thanks for your reply.

In the current setup we have, all NAT is done by the router, with the config below:

    interface FastEthernet0/0
     ip address
     ip nat inside
     duplex auto
     speed auto

    interface FastEthernet0/1
     ip address XX.90.225.X80 secondary
     ip address XX.137.1.X 80
     ip access-group nat_out in
     ip nat outside

    ip nat source static tcp XX.90.225.X70 80
    ip nat source static tcp XX.137.1.180 80

and having the default route pointing to XX.137.1.181 for both.

Now we planned to deploy the same setup; how can I achieve this?

Is it possible with PIX?

