DMZ route issue

Unanswered Question
Sep 30th, 2009

Hi


In our network we planned to use a PIX with two WAN subnets to NAT the inside hosts to the outside and DMZ,


like

outside : XX.90.225.X /27

inside :10.100.21.X /24

DMZ : XX.137.1.X /27


Now all inside hosts will be NATed according to the static NAT entries which we deployed,


for example :


Static (inside,outside) tcp XX.90.225.X 80 10.102.21.10 80


Static (inside,DMZ) tcp XX.137.1.X 80 10.102.21.50 80


When we deployed, we added a default route for both outside and DMZ to the next-hop BGP router before connecting to the networks, and the command was accepted.

After connecting to the network, I see there is no entry for the DMZ.

If I try to enter route dmz 0.0.0.0 0.0.0.0 XX.137.1.22, it says error: cannot make route entry conflict with existing route

How can I achieve the NAT with the two subnets? Kindly suggest.

platinum_jem Wed, 09/30/2009 - 18:43

You cannot have 2 Default routes going to 2 different places.

You must either choose to have it default routed out via Outside or DMZ, but not both.


Normally you configure your default route for going to the Internet (or outside), and you will specify specific subnets that you want to go via the DMZ path.
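
The routing behaviour this answer describes, as an added example that is not part of the original thread: a simplified Python model (not PIX code) that rejects a second default route on a different interface and picks the egress interface by longest-prefix match. The addresses are constructed documentation prefixes standing in for the redacted XX. networks, and `load_routes` and `egress` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: documentation prefixes stand in for the redacted
# XX.90.225.X (outside) and XX.137.1.X (DMZ) networks on the page.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route dmz 0.0.0.0 0.0.0.0 198.51.100.22
route dmz 203.0.113.0 255.255.255.0 198.51.100.22
"""

def load_routes(config):
    """Parse 'route <if> <net> <mask> <gw>' lines; return (routes, rejected).

    Simplified model (an assumption, based on the thread): a second default
    route via a different interface conflicts with the first and is rejected.
    """
    routes, rejected = [], []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "route":
            continue
        ifname, net, mask, gw = parts[1:5]
        prefix = ipaddress.ip_network(f"{net}/{mask}")
        clash = any(prefix.prefixlen == 0 and r[1].prefixlen == 0
                    and r[0] != ifname for r in routes)
        if clash:
            rejected.append(line.strip())
        else:
            routes.append((ifname, prefix, gw))
    return routes, rejected

def egress(routes, dest):
    """Longest-prefix match: return (interface, gateway) for a destination."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[1]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r[1].prefixlen)
    return best[0], best[2]

if __name__ == "__main__":
    routes, rejected = load_routes(SAMPLE_CONFIG)
    print("rejected:", rejected)
    # Arbitrary Internet destination, then a host in the DMZ-side subnet.
    for dest in ("8.8.8.8", "203.0.113.40"):
        print(dest, "->", egress(routes, dest))
```

The specific DMZ-side route wins for its own subnet while everything else follows the single default route out the outside interface.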

vinoth.kumar Thu, 10/01/2009 - 00:46

Thanks for your reply.

In our current setup, all NAT is done by a router, with the config below:


interface FastEthernet0/0
 ip address 10.102.21.3 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address XX.90.225.X80 255.255.255.240 secondary
 ip address XX.137.1.X 80 255.255.255.240
 ip access-group nat_out in
 ip nat outside

ip nat source static tcp XX.90.225.X70 10.102.21.10 80
ip nat source static tcp XX.137.1.180 10.102.21.50 80


and the default route is pointing to XX.137.1.181 for both.

Now we planned to deploy the same setup. How can I achieve this?

Is it possible with the PIX?

