An Outside User Attempts To Access An Inside Host - Cisco ASA 5505 Configuration Manual

Firewall Mode Examples
3.
4.
5.
6.

An Outside User Attempts to Access an Inside Host

Figure 5-11
Figure 5-11
The following steps describe how data moves through the adaptive security appliance (see
1.
2.
Cisco ASA 5500 Series Configuration Guide using ASDM
5-24
The adaptive security appliance records that a session is established.
If the destination MAC address is in its table, the adaptive security appliance forwards the packet
out of the inside interface. The destination MAC address is that of the downstream router,
209.165.201.1.
If the destination MAC address is not in the adaptive security appliance table, the adaptive security
appliance attempts to discover the MAC address by sending an ARP request and a ping. The first
packet is dropped.
The web server responds to the request; because the session is already established, the packet
bypasses the many lookups associated with a new connection.
The adaptive security appliance forwards the packet to the outside user.
shows an outside user attempting to access a host on the inside network.
Outside to Inside
Host
Internet
209.165.201.2
Management IP
209.165.201.6
A user on the outside network attempts to reach an inside host.
The adaptive security appliance receives the packet and adds the source MAC address to the MAC
address table, if required. Because it is a new session, it verifies if the packet is allowed according
to the terms of the security policy (access lists, filters, AAA).
For multiple context mode, the adaptive security appliance first classifies the packet according to a
unique interface.
Chapter 5
Host
209.165.201.3
Configuring the Transparent or Routed Firewall
Figure 5-11):
OL-20339-01