
Errors from Output Interpreter does not like 'static (inside, dmz) 10.1.0.0

stownsend
Level 2

I'm getting two warnings from the Output Interpreter.

- - - - -

I'm not sure what I would need to route if there is only one subnet that is connected to the DMZ.

- - - - -

WARNING: The following interfaces do not have associated 'route' commands:

dmz

The PIX requires a static/default route for any destinations that are not

directly connected to these interfaces, assuming the PIX is not receiving a

default RIP route from a connected router on these interfaces.

TRY THIS: Configure a static/default route for those interfaces that need to

access non directly connected destinations using the configuration command,

'route if_name ip_address netmask gateway_ip [metric]'.

- - - - -

With this one I've read several posts that I need this to allow the DMZ host to talk to the Inside without NAT, though it complains about it.

- - - - -

INFO: The following static statements reference an IP address that do not belong

to the same subnet as the referenced interface:

'static (inside, dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0'

references 'dmz'

TRY THIS: If there is a router connected to the reference interface, it will

require static routes to the PIX for any non-connected subnet addresses.

Any info would be appreciated.

thanks,

Scott<-

4 Replies

gfullage
Cisco Employee

The first one is just telling you you have no "route dmz ...." statements in your config. If you only have the directly connected network, then don't worry about it.

The second one is telling you that the 10.1.0.0 network isn't the one configured on the dmz interface, which I'll admit is a bit odd cause that command is saying that 10.1.09.0 exists on the inside interface anyway.

It's just an INFO message so I wouldn't worry about it. The only ones I really worry about are the ERRORS.

Thanks for the reply.

I figured the route dmz with only the one subnet connected wasn't an issue, I was more concerned with the other info message.

Is not having the traffic from the DMZ to the inside NATed a normal thing? It seems like I've seen many posts about not NATing the traffic between the two and that's the command to make it work.

Thanks,

Scott<-

Yeah, there's nothing wrong with what you've done. Not really sure why OI is complaining, I'll get the programming gurus to have a look at it.

Cool. Thanks...
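
Added example, not part of the thread and not the Output Interpreter's own code: a Python audit that applies the two checks discussed above (interfaces with no `route` statement, and `static` mappings whose mapped address is outside the referenced interface's subnet) to a PIX-style config. The sample config is constructed; only the `static` line comes from the post, and the interface addresses and the outside/inside routes are assumptions.

```python
import ipaddress
import re

# Constructed sample; only the static line is taken from the thread.
SAMPLE_CONFIG = """\
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.1.0.1 255.255.0.0
ip address dmz 172.16.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route inside 10.2.0.0 255.255.0.0 10.1.0.254 1
static (inside, dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
"""

STATIC_RE = re.compile(
    r"static\s+\((\w+),\s*(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)")

def parse(config):
    """Return (interface -> connected network, routed interfaces, statics)."""
    nets, routed, statics = {}, set(), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            nets[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:1] == ["route"] and len(tok) >= 5:
            routed.add(tok[1])
        else:
            m = STATIC_RE.match(line.strip())
            if m:
                statics.append(m.groups())
    return nets, routed, statics

def audit(config):
    """Return (level, check, subject) tuples for the two checks."""
    nets, routed, statics = parse(config)
    findings = [("WARNING", "no-route", ifname)
                for ifname in nets if ifname not in routed]
    for real_if, mapped_if, mapped, real, mask in statics:
        mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
        if mapped_if in nets and not mapped_net.subnet_of(nets[mapped_if]):
            # mapped == real is an identity static: no address translation.
            check = ("identity-static-off-subnet" if mapped == real
                     else "static-off-subnet")
            findings.append(("INFO", check, f"({real_if},{mapped_if}) {mapped_net}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```
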