Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
1
Replies

wierd connection issue

dharris
Level 1
Level 1

‎01-09-2005 10:34 PM - edited ‎03-09-2019 09:57 AM

PIX 515E running 6.2(2)

I have 2 hosts on a dmz subnet of 10.250.1.0/24

this network connects directly to a firewall interface.

i have an internal network of 10.1.0.0/16

this net is separated by routers

hosts behind the internal network can ping 10.250.1.11 but they cannot ping 10.250.1.10

I have a static NAT for both hosts as they are accessible from the public. the public can get to both servers.

i can ping both from the firewall and show separate arp entries for both servers

unfortunately the guys on the internal have stopped their pings, however, debug icmp trace shows that

whenever they try to ping 10.250.1.11, I see a reply with no problems.

10.1.3.14 > CYBER-TEST echo

CYBER-TEST > 10.1.3.14 echo-reply

When i try 10.250.1.10, i see that the packet wants to go to the outside firewall interface

10.1.3.14 > 203.19.117.1 > CYBER_TEST

instead of following the proper route thru to the DMZ.

can anyone explain why this would be happening?

cheers

my relevant config is attached

Labels:
Preview file
7 KB
0 Helpful
1 Reply 1

nkhawaja
Cisco Employee
Cisco Employee

‎01-09-2005 11:18 PM

Hi,

Seem like a default gateway issue on host 10.250.1.10. Please verify it. Also this static statement is not needed and will cause trouble

static (inside,casa-dmz) 10.250.1.0 10.250.1.0 netmask 255.255.255.0 0 0

remove it.

Thanks

Nadeem

0 Helpful
Customers Also Viewed These Support Documents