An Outside User Attempts To Access An Inside Host - Cisco ASA 5505 Configuration Manual

ASA 5500 Series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 5-18
Chapter 5: Configuring the Transparent or Routed Firewall

Firewall Mode Examples

3. The adaptive security appliance then records that a session is established and forwards the packet out of the DMZ interface.
4. When the DMZ web server responds to the request, the packet goes through the fast path, which lets the packet bypass the many lookups associated with a new connection.
5. The adaptive security appliance forwards the packet to the inside user.

An Outside User Attempts to Access an Inside Host

Figure 5-5 shows an outside user attempting to access the inside network.

[Figure 5-5: Outside to Inside. Diagram labels: www.example.com, Outside, 209.165.201.2, 10.1.2.1, 10.1.1.1, Inside, DMZ, User 10.1.2.27]

The following steps describe how data moves through the adaptive security appliance (see Figure 5-5):

1. A user on the outside network attempts to reach an inside host (assuming the host has a routable IP address).
   If the inside network uses private addresses, no outside user can reach the inside network without NAT. The outside user might attempt to reach an inside user by using an existing NAT session.
2. The adaptive security appliance receives the packet and because it is a new session, the adaptive security appliance verifies if the packet is allowed according to the security policy (access lists, filters, AAA).
3. The packet is denied, and the adaptive security appliance drops the packet and logs the connection attempt.
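
The packet handling described in the steps above can be modeled in a few lines of Python. This is an added example, not code from the Cisco guide or from the appliance: the Packet and Firewall classes, the permit rule, the log format and the addresses 10.1.1.3 and 198.51.100.7 are assumptions made for illustration, and NAT is left out (hosts are assumed routable, as in step 1).

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrives on
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class Firewall:
    routes: dict    # destination IP -> egress interface (constructed)
    permits: set    # (in_if, out_if, proto, dport) allowed for NEW sessions
    sessions: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def process(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        out_if = self.routes.get(p.dst)
        # Fast path: the packet belongs to a recorded session, so the
        # policy lookups for a new connection are skipped.
        if key in self.sessions or reverse in self.sessions:
            return ("fast-path", out_if)
        # New session: check the security policy before recording state.
        if out_if and (p.in_if, out_if, p.proto, p.dport) in self.permits:
            self.sessions.add(key)
            return ("session-created", out_if)
        # Denied: drop the packet and log the connection attempt.
        self.log.append(f"deny {p.proto} {p.in_if}:{p.src}/{p.sport} -> {p.dst}/{p.dport}")
        return ("dropped", None)

def demo():
    # Constructed sample: 10.1.1.3 (DMZ server) and 198.51.100.7 (outside
    # host) are assumed addresses; 10.1.2.27 is the inside user in Figure 5-5.
    fw = Firewall(routes={"10.1.1.3": "dmz", "10.1.2.27": "inside"},
                  permits={("inside", "dmz", "tcp", 80)})
    request = Packet("inside", "10.1.2.27", 40000, "10.1.1.3", 80)
    reply = Packet("dmz", "10.1.1.3", 80, "10.1.2.27", 40000)
    probe = Packet("outside", "198.51.100.7", 51000, "10.1.2.27", 80)
    return [fw.process(p) for p in (request, reply, probe)], fw.log

if __name__ == "__main__":
    print(demo())
```

The outside probe targets the same inside address that already has a session, but its 5-tuple matches no recorded session in either direction, so it is evaluated as a new connection and denied.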


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
