Chapter 4
Configuring the Firewall Mode
Firewall Mode Overview
How Data Moves Through the FWSM in Routed Firewall Mode
This section describes how data moves through the FWSM in routed firewall mode, and includes the following topics:
• An Inside User Visits a Website
• An Outside User Visits a Website on the DMZ
• An Inside User Visits a Website on the DMZ
• An Outside User Attempts to Access an Inside Host
• A DMZ User Attempts to Access an Inside Host
An Inside User Visits a Website
Figure 4-2 shows an inside user accessing an outside website.
[Figure 4-2: Inside to Outside. Diagram labels: www.cisco.com; Outside; 209.165.201.2; FWSM; Switch; Source Addr Translation: 10.1.2.27, 209.165.201.10; Inside; 10.1.2.1; User 10.1.2.27; DMZ; 10.1.1.1; Web Server 10.1.1.3]
The steps below describe how data moves through the FWSM (see Figure 4-2):
1. The user on the inside network requests a web page from www.cisco.com.
2. The FWSM receives the packet, and because it is a new session, the FWSM verifies that the packet is allowed according to the terms of the security policy (ACLs, filters, AAA).
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01