[c-nsp] pix and css 11501
jason.plank at comcast.net
jason.plank at comcast.net
Tue Aug 14 18:20:47 EDT 2007
Why is your firewall seeing traffinc from 3.3.3.1. All traffic should be presented to your firewall as 4.4.4.4, unless your source nat is screwed up or unless the default gateway for your DMZ host is pointing to an interface on the firewall and not the actual CSS.
--
Regards,
Jason Plank
CCIE #16560
e: jason.plank at comcast.net
-------------- Original message ----------------------
From: "doug schmidt" <douglas.j.schmidt at gmail.com>
> hi all,
> Im trying to setup a new load balanced site. Its been a long day, and
> not sure if Im missing something.
> dmz is new network on pix, other load balanced sites are working under
> different setup.
>
> Basically, I have client web request coming from 1.1.1.1
> web site public ip is 2.2.2.2
> pix maps 2.2.2.2 to css vip 4.4.4.4
>
> pix
> 2.2.2.x - outside
> 3.3.3.x - dmz
> 4.4.4.x - inside
>
> css vip 4.4.4.4
> server1 - 3.3.3.1
> server2 - 3.3.3.2
>
> this is the message I get from pix when going to the site;
> 305006: regular translation creation failed for tcp src
> inside:1.1.1.1/3260 dst dmz:3.3.3.1/80
>
> thanks.
> ~doug
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list