An Outside User Visits A Web Server On The Dmz - Cisco ASA 5505 Configuration Manual

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Table of Contents

Firewall Mode Examples

An Outside User Visits a Web Server on the DMZ

The following steps describe how data moves through the adaptive security appliance (see

Cisco ASA 5500 Series Configuration Guide using ASDM

When www.example.com responds to the request, the packet goes through the adaptive security

appliance, and because the session is already established, the packet bypasses the many lookups

associated with a new connection. The adaptive security appliance performs NAT by translating the

global destination address to the local user address, 10.1.2.27.

The adaptive security appliance forwards the packet to the inside user.

shows an outside user accessing the DMZ web server.

Outside to DMZ

209.165.201.2

A user on the outside network requests a web page from the DMZ web server using the global

destination address of 209.165.201.3, which is on the outside interface subnet.

The adaptive security appliance receives the packet and because it is a new session, the adaptive

security appliance verifies that the packet is allowed according to the terms of the security policy

(access lists, filters, AAA).

For multiple context mode, the adaptive security appliance first classifies the packet according to

either a unique interface or a unique destination address associated with a context; the destination

address is associated by matching an address translation in a context. In this case, the classifier

"knows" that the DMZ web server address belongs to a certain context because of the server address

translation.

The adaptive security appliance translates the destination address to the local address 10.1.1.3.

Dest Addr Translation

209.165.201.3

Configuring the Transparent or Routed Firewall

Show Quick Links

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580