Cisco ASA 5505 Getting Started Manual page 51


Chapter 6
Scenario: DMZ Configuration
Figure 6-2: Outgoing HTTP Traffic Flow from the Private Network
[Figure: an HTTP client on the inside network 10.10.10.0 (private address) sends HTTP requests through the security appliance. The outside interface is 209.165.200.225 (public address). The DMZ web server on the DMZ network has private IP address 10.30.30.30 and public IP address 209.165.200.226. Label: internal IP address translated to address from IP pool.]
78-17612-01
In Figure 6-2, the adaptive security appliance permits HTTP traffic originating
from inside clients and destined for both the DMZ web server and devices on the
Internet. To permit the traffic through, the adaptive security appliance
configuration includes the following rules:

- Access control rules permitting traffic destined for the DMZ web server and
  for devices on the Internet.
- Address translation rules translating private IP addresses so that the private
  addresses are not visible to the Internet.
  - For traffic destined for the DMZ web server, private IP addresses are
    translated to an address from an IP pool.
  - For traffic destined for the Internet, private IP addresses are translated
    to the public IP address of the adaptive security appliance. Outgoing
    traffic appears to come from this address.
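
The two translation behaviours listed above, as an added example: a small Python model written for this page, not Cisco code and not configuration taken from the guide. The pool range 10.30.30.50-52, the /24 inside mask, the HTTP-only access rule and the mapped port numbering are assumptions made for illustration; the other addresses come from Figure 6-2.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")    # 10.10.10.0 is from the page; /24 is assumed
DMZ_WEB = ipaddress.ip_address("10.30.30.30")         # DMZ web server private address (page)
OUTSIDE_IF = ipaddress.ip_address("209.165.200.225")  # outside interface address (page)
# Constructed pool: the page says "IP pool" but gives no range.
POOL = [ipaddress.ip_address(f"10.30.30.{n}") for n in range(50, 53)]


class Appliance:
    def __init__(self):
        self.pool_xlate = {}   # inside host -> pool address (one address per host)
        self.pat_xlate = {}    # (inside host, source port) -> mapped port on outside address
        self.next_port = 1024  # assumed starting port for mapped connections

    def translate(self, src, sport, dst, dport):
        """Return (source address, source port) after the appliance, or None if dropped."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Access rule (assumption of this model): only HTTP from inside clients passes.
        if src not in INSIDE_NET or dport != 80:
            return None
        if dst == DMZ_WEB:
            # DMZ-bound: the host is given one pool address and keeps it.
            if src not in self.pool_xlate:
                free = [a for a in POOL if a not in self.pool_xlate.values()]
                if not free:
                    return None  # pool exhausted: a new host cannot be translated
                self.pool_xlate[src] = free[0]
            return self.pool_xlate[src], sport
        # Internet-bound: every host shares the outside interface address,
        # so connections are told apart by the mapped source port.
        key = (src, sport)
        if key not in self.pat_xlate:
            self.pat_xlate[key] = self.next_port
            self.next_port += 1
        return OUTSIDE_IF, self.pat_xlate[key]


def leaks_private(result):
    """True if a translated packet still carries an inside (private) source address."""
    return result is not None and result[0] in INSIDE_NET
```

The pool is finite, so a fourth inside host reaching the DMZ web server is dropped in this model, while any number of hosts can share the outside interface address.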
Figure 6-3 shows HTTP requests originating from the Internet and destined for
the public IP address of the DMZ web server.
Cisco ASA 5505 Getting Started Guide
Example DMZ Network Topology