PIX route issue

User in 172.17.12.91 (inside network) is pinging 192.168.1.1 (DMZ network). The access switch (console port) for the 172 network can PING all devices in the DMZ network. Both are on "connected interfaces" - so shouldn't need a static route. In fact, if I try to insert a static route the firewall says "route already exists".

PIX messages are:

110001: No route to 172.17.12.91 from 192.168.1.1
110001: No route to 172.17.12.91 from 192.168.1.1
110001: No route to 172.17.12.91 from 192.168.1.1

pixfirewall(config)#
pixfirewall(config)#
pixfirewall(config)#
pixfirewall(config)#
pixfirewall(config)# no logging on
pixfirewall(config)# sho route
outside 0.0.0.0 0.0.0.0 194.196.37.1 1 OTHER static
inside 10.96.128.0 255.255.240.0 10.96.128.1 1 OTHER static
inside 10.97.20.0 255.255.252.0 10.97.23.250 1 OTHER static
intf3 127.0.0.1 255.255.255.255 127.0.0.1 1 CONNECT static
inside 172.17.0.0 255.255.0.0 172.17.0.253 1 CONNECT static
DMZ 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
inside 192.168.6.0 255.255.255.0 192.168.6.1 1 OTHER static
outside 194.196.37.0 255.255.255.240 194.196.37.2 1 CONNECT static
pixfirewall(config)#

Any ideas please, Ned

Reply to
Ned

You say that the user on 172.17.12.91 is pinging a host in the DMZ. What's the question? Is this working or not? Can the user ping any other devices in the DMZ? Can the user ping anything else outside the local LAN?

Have you checked the routing table on the LAN host? They will need a default gateway to be able to get out from the LAN.

Chris.

Reply to
chris

No - the user cannot PING the DMZ devices. That's what the router message "110001: No route to 172.17.12.91 from 192.168.1.1" is saying. The user is 172.17.12.91. The 172.17 users have a default gateway - the default gateway CAN ping the DMZ devices. It is the PIX saying it has no route to the client - but it has a connected interface "inside 172.17.0.0 255.255.0.0 172.17.0.253 1 C

> > user in 172.17.12.91 (inside network) is pinging 192.168.1.1 (DMZ
> > network)

Reply to
Ned

Do you have a static to dmz?

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

Reply to
Merv
