• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330
  • Last Modified:

No Route to Outside from DMZ

Hiya People...

Right, I have a Load Balancer which I need to NAT Straight through to the DMZ which sits on a PIX 515e.

even when I allow NAT Straight through to the DMZ the packets get there but it looks like they don't get back.

I get a NO Route to OutsideIP from DMZ Server IP (192.168.30.4)

the network is as follows...
External Routers - 123.123.123.1 and 123.123.123.3
External Load Balancer - ExternalIPs eg 123.123.123.2 and 123.123.123.4
PIX Outside IP - 123.123.123.5
PIX dmz int IP - 192.168.30.6
DMZ webserver - 192.168.30.4

The machine in the DMZ can access webpages and has good internet access.

The pix has a static route which i 0.0.0.0 0.0.0.0 123.123.123.3 - straight out of the External Router...

anybody have any hints please?

Thanks
0
chesterzoo
Asked:
chesterzoo
1 Solution
 
rsivanandanCommented:
Do you have all the nat statements with supplementing acl's in place? It should look something like this;

static (inside,outside) 123.123.123.2 192.168.30.x netmask 255.255.255.255

access-list <something> permit tcp any host 123.123.123.2 eq http

access-group in interface outside

Post the config if you have any further questions.


Cheers,
Rajesh
0
 
chesterzooAuthor Commented:
yes ive got all the ACL's in place...

ill grab the config in a bit...

Cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now