I assume the DMZ is public, not 10.x numbers?
In that case are you natting from the 10.101 network on the VPN to
the outside?
Something like
    nat (native) 0 access-list 100
in there as well as the nat statement for the (inside) interface?
Seriously, trying to help without a posted config is like feeling
around in a dark room looking for a pair of glasses.
Ted
-----Original Message-----
From: cisc...@puck.nether.net
[mailto:cisc...@puck.nether.net]On Behalf Of Marr, Joe
Sent: Saturday, January 01, 2005 9:06 PM
To: cisc...@puck.nether.net
Subject: [c-nsp] PIX route problems
I'm trying to configure the following.
I have a PIX 525 with 3 physical interfaces. The DMZ interface is
configured for VLANs. Only 2 VLANs are used, native (matching up to
VLAN1 on my switch) is used for my DMZ servers and VLAN 55 is used to
connect to a VPN 3005. A /30 is used to number VLAN 55 on the PIX to the
private interface on the VPN 3005. A /24 is statically routed from the
PIX, pointing to the IP address on the private interface for use by various
VPN clients.
My problem is that when I try to access anything from the VPN client /24
going to the DMZ interface, I get this error in the firewall log:
%PIX-6-110001: No route to 10.101.0.5 from 10.1.2.2
I can access everything from the VPN on the internal interface; I can't
figure out what's misconfigured.
The security settings for the interfaces are configured as follows:
dmz = 50
vpn = 25
Any help will be greatly appreciated.