
dmz issues

bma
Beginner

Hi

We have PIX version 7.0. The NetScaler is in the DMZ, and the virtual server IP is 192.168.8.98 (DMZ network 192.168.8.0). The inside web server is 192.168.0.250, set up with the virtual server. If I set up a static (dmz,outside) 12.x.x.x 192.168.8.98 netmask 255.255.255.255 0 0 and an access-list permitting www access, then when I go to http://12.x.x.x to access the server I get the following message after the connection is built:

No route to 67.122.x.x from 192.168.0.250

The following is the message from syslog:

2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302013: Built inbound TCP connection -1599250756 for vip-extranet:67.122.x.x/62523 (67.122.x.x/62523) to inside:192.168.0.250/8080 (192.168.0.250/8080)

2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-110001: No route to 67.122.x.x from 192.168.0.250

2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302014: Teardown TCP connection -1599251913 for vip-extranet:67.122.x.x/62115 to inside:192.168.0.250/8080 duration 0:00:30 bytes 0 SYN Timeout

I'm not sure it is a routing issue, and a ping from 67.122.x.x to 12.x.x.x is fine. Please help.

Thanks

ben
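An added example, not part of the original post: one way to correlate the three PIX messages quoted above per client/server pair, so that connections ending in a zero-byte SYN Timeout are lined up with the matching 110001 message and with the interface the connection was built on. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# First three lines: messages from the post above, syslog prefix trimmed.
# Last two lines: constructed healthy connection for contrast (not from the post).
SAMPLE = """\
%PIX-6-302013: Built inbound TCP connection -1599250756 for vip-extranet:67.122.x.x/62523 (67.122.x.x/62523) to inside:192.168.0.250/8080 (192.168.0.250/8080)
%PIX-6-110001: No route to 67.122.x.x from 192.168.0.250
%PIX-6-302014: Teardown TCP connection -1599251913 for vip-extranet:67.122.x.x/62115 to inside:192.168.0.250/8080 duration 0:00:30 bytes 0 SYN Timeout
%PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/40000 (198.51.100.7/40000) to inside:192.168.0.250/8080 (192.168.0.250/8080)
%PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/40000 to inside:192.168.0.250/8080 duration 0:00:02 bytes 5120 TCP FINs
"""

EP = r"(\S+?):(\S+?)/(\d+)"  # interface:address/port
BUILT = re.compile(rf"-302013: Built \w+ TCP connection -?\d+ for {EP} \(.*?\) to {EP}")
TEARDOWN = re.compile(rf"-302014: Teardown TCP connection -?\d+ for {EP} to {EP} "
                      r"duration \S+ bytes (\d+)\s*(.*)")
NO_ROUTE = re.compile(r"-110001: No route to (\S+) from (\S+)")


def correlate(log_text):
    """Count events per (client_ip, server_ip) pair."""
    flows = defaultdict(lambda: {"built": 0, "syn_timeout_0b": 0,
                                 "no_route_reply": 0, "ingress_if": set()})
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            flow = flows[(m[2], m[5])]
            flow["built"] += 1
            flow["ingress_if"].add(m[1])  # interface the connection arrived on
        elif m := TEARDOWN.search(line):
            # Handshake never completed and no payload was exchanged
            if m[8].strip() == "SYN Timeout" and int(m[7]) == 0:
                flows[(m[2], m[5])]["syn_timeout_0b"] += 1
        elif m := NO_ROUTE.search(line):
            # "to" is the client and "from" is the server: the reply direction
            flows[(m[1], m[2])]["no_route_reply"] += 1
    return dict(flows)


def suspects(flows):
    """Pairs with a zero-byte SYN Timeout and a no-route message."""
    return sorted(p for p, f in flows.items()
                  if f["syn_timeout_0b"] and f["no_route_reply"])


if __name__ == "__main__":
    flows = correlate(SAMPLE)
    for pair in suspects(flows):
        print(pair, flows[pair])
```

For the lines in the post, the flagged pair shows `vip-extranet` as the interface the connection was built on, which is worth comparing with the interface names used in the static.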

7 Replies

Jon Marshall
VIP Community Legend

Hi Ben

Could you send a copy of your PIX config if possible? If not, could you send the NAT statements, interface addresses and routing table?

Jon

2007-08-03 16:02:01 UTC Local0.Info 192.168.x.1 Aug 03 2007 08:50:53 : %PIX-6-302013: Built inbound TCP connection -1599250756 for vip-extranet:67.122.x.x/62523 (67.122.x.x/62523) to inside:192.168.0.250/8080 (192.168.0.250/8080)

Are you trying to access your site using

http://12.x.x.x:8080 or

http://12.x.x.x

If it is

http://12.x.x.x:8080

is your NetScaler doing port redirection from HTTP (80) to 8080?

If not, then you have to do it either on AS or NetScaler.

Yes, I tried both; all get the same messages.

The NetScaler virtual server can do redirection from 80 to 8080.

Thanks

ben