[c-nsp] PIX route problems
Marr, Joe
jmarr at brodart.com
Sun Jan 2 00:05:45 EST 2005
I'm trying to configure the following
I have a Pix525 with 3 physical interfaces. The DMZ interface is
configured for VLANS. Only 2 vlans are used, native (matching up to
VLAN1 on my switch) is used for my DMZ servers and VLAN 55 is used to
connect to a VPN 3005. A /30 is used to number VLAN 55 on the PIX to the
private interface on the VPN 3005. A /24 is statically routed from the
PIX, pointing to the IP address on private interface for use by various
VPN clients.
My problem is that when I try to access anything from the VPN client /24
going to the DMZ interface, I get this error in the firewall log:
%PIX-6-110001: No route to 10.101.0.5 from 10.1.2.2
I can access everything from the VPN on the internal interface, I can't
figure out what's misconfigured.
The security setting for the interfaces are configured as follows:
dmz = 50
vpn = 25
Any help will be greatly appreciated.
Joe Marr
More information about the cisco-nsp
mailing list