https://community.cisco.com/t5/network-security/dmz-issues/m-p/714251#M965849 <HTML><HEAD></HEAD><BODY><P>S 0.0.0.0 0.0.0.0 [1/0] via 12.x.x.1, outside</P><P>C 12.x.x.0 255.255.255.128 is directly connected, outside</P><P>S 192.168.0.0 255.255.255.0 [1/0] via 192.168.252.3, inside</P><P>C 192.168.8.0 255.255.255.0 is directly connected, dmz</P><P>C 192.168.252.0 255.255.255.0 is directly connected, inside</P><P></P><P>Ben</P></BODY></HTML> Fri, 03 Aug 2007 19:41:48 GMT bma 2007-08-03T19:41:48Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714245#M965837 <P>Hi</P><P></P><P> We have PIX version 7.0. Netscaler in the dmz, and virtual server ip is the 192.168.8.98 (dmz network 192.168.8.0). inside web server is 192.168.0.250 setup with virtual server. If I setup a static (dmz,outside) 12.x.x.x 192.168.8.98 netmask 255.255.255.255 0 0 and access-list permit www access, when <A class="jive-link-custom" href="http://12.x.x.x" target="_blank">http://12.x.x.x</A> to access server get following message after build connection:</P><P></P><P>No route to 67.122.x.x from 192.168.0.250</P><P></P><P>Following is message from syslog: </P><P></P><P>2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302013: Built inbound TCP connection -1599250756 for vip-extranet:67.122.x.x/62523 (67.122.x.x/62523) to inside:192.168.0.250/8080 (192.168.0.250/8080)</P><P></P><P>2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-110001: No route to 67.122.x.x from 192.168.0.250</P><P></P><P></P><P>2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302014: Teardown TCP connection -1599251913 for vip-extranet:67.122.x.x/62115 to inside:192.168.0.250/8080 duration 0:00:30 bytes 0 SYN Timeout</P><P></P><P></P><P>I don't sure it is routing issue and I ping from 67.122.x.x to 12.x.x.x is fine. please help.</P><P></P><P>Thanks</P><P></P><P>ben</P> Mon, 11 Mar 2019 10:53:19 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714245#M965837 bma 2019-03-11T10:53:19Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714246#M965838 <HTML><HEAD></HEAD><BODY><P>Hi Ben </P><P></P><P>Could you send a copy of your pix config if possible. If not could you send the NAT statements, intreface addresses and routing table. </P><P></P><P>Jon</P></BODY></HTML> Fri, 03 Aug 2007 18:12:12 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714246#M965838 Jon Marshall 2007-08-03T18:12:12Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714247#M965839 <HTML><HEAD></HEAD><BODY><P>2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302013: Built inbound TCP connection -1599250756 for vip-extranet:67.122.x.x/62523 (67.122.x.x/62523) to inside:192.168.0.250/8080 (192.168.0.250/8080) </P><P></P><P>are you trying to acces your site using </P><P></P><P><A class="jive-link-custom" href="http://12.x.x.x:8080" target="_blank">http://12.x.x.x:8080</A> or </P><P><A class="jive-link-custom" href="http://12.x.x.x" target="_blank">http://12.x.x.x</A></P><P></P><P>If it is </P><P><A class="jive-link-custom" href="http://12.x.x.x:8080" target="_blank">http://12.x.x.x:8080</A> </P><P></P><P>is your netscaler doing Port re-direction from http ( 80 ) to 8080 ? </P><P></P><P>If no then then you have do it either on AS or Netscaler</P></BODY></HTML> Fri, 03 Aug 2007 18:32:02 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714247#M965839 anandramapathy 2007-08-03T18:32:02Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714248#M965842 <HTML><HEAD></HEAD><BODY><P>Hi Jon</P><P></P><P>Following is related lines in the static lines</P><P>and show route:</P><P></P><P>nat (inside) 1 192.168.0.0 255.255.255.0</P><P>nat (dmz) 1 192.168.8.0 255.255.255.0</P><P>global (outside) 1 interface</P><P></P><P>static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0</P><P></P><P>C 192.168.8.0 255.255.255.0 is directly connected, vip-extranet</P><P></P><P>How to get routing table? </P><P></P><P>no static setup for the virtual server ip setup, but don't sure how to setup it for virtual server ip? </P><P></P><P>Thanks</P><P></P><P>ben</P></BODY></HTML> Fri, 03 Aug 2007 18:40:04 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714248#M965842 bma 2007-08-03T18:40:04Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714249#M965845 <HTML><HEAD></HEAD><BODY><P>Yes, I try both, all get same messages. </P><P>netscaler virture server can do re-direction from 80 to 8080. </P><P></P><P>Thanks</P><P></P><P>ben</P></BODY></HTML> Fri, 03 Aug 2007 18:47:17 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714249#M965845 bma 2007-08-03T18:47:17Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714250#M965847 <HTML><HEAD></HEAD><BODY><P>Ben </P><P></P><P>routing table = "sh route"</P><P></P><P>Jon</P></BODY></HTML> Fri, 03 Aug 2007 19:22:51 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714250#M965847 Jon Marshall 2007-08-03T19:22:51Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714251#M965849 <HTML><HEAD></HEAD><BODY><P>S 0.0.0.0 0.0.0.0 [1/0] via 12.x.x.1, outside</P><P>C 12.x.x.0 255.255.255.128 is directly connected, outside</P><P>S 192.168.0.0 255.255.255.0 [1/0] via 192.168.252.3, inside</P><P>C 192.168.8.0 255.255.255.0 is directly connected, dmz</P><P>C 192.168.252.0 255.255.255.0 is directly connected, inside</P><P></P><P>Ben</P></BODY></HTML> Fri, 03 Aug 2007 19:41:48 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714251#M965849 bma 2007-08-03T19:41:48Z https://community.cisco.com/t5/network-security/dmz-issues/m-p/714252#M965851 <HTML><HEAD></HEAD><BODY><P>Jon</P><P></P><P> Do you have any idea about Netscaler virtual server ip and phiscal server ip can be on different subnet? My issue is virtual ip and phiscal server ip in different subnet.</P><P></P><P></P><P>Thanks</P><P></P><P>en</P></BODY></HTML> Fri, 03 Aug 2007 20:20:30 GMT https://community.cisco.com/t5/network-security/dmz-issues/m-p/714252#M965851 bma 2007-08-03T20:20:30Z