Cisco 515E - PIX Restricted Bundle Getting Started Manual page 19

Security appliance
Chapter 2
Scenario: DMZ Configuration
Figure 2-2: Outgoing HTTP Traffic Flow from the Private Network

[Figure labels: HTTP client; HTTP request; 10.10.10.0 (private address); internal IP address translated to address from IP pool; security appliance outside interface 209.165.200.225 (public address); DMZ network; DMZ web server, private IP address 10.30.30.30, public IP address 209.165.200.226]

78-17645-01
In Figure 2-2, the security appliance permits HTTP traffic originating from inside clients and destined for both the DMZ web server and devices on the Internet. To permit the traffic through, the security appliance configuration includes the following:

• Access control rules permitting traffic destined for the DMZ web server and for devices on the Internet.
• Address translation rules translating private IP addresses so that the private addresses are not visible to the Internet.
• For traffic destined for the DMZ web server, private IP addresses are translated to an address from an IP pool.
• For traffic destined for the Internet, private IP addresses are translated to the public IP address of the security appliance. Outgoing traffic appears to come from this address.
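
The rules listed above, written out as a PIX 7.x CLI fragment. This is an added example and is not taken from the guide. The interface names (inside, dmz, outside), the ACL name, the 255.255.255.0 masks and the DMZ pool range are assumptions made for illustration.

```cisco
! Added example. Interface names, ACL name, masks and the pool range
! are assumptions; the addresses of the inside network, the DMZ web
! server and the outside interface are the ones shown in Figure 2-2.

! Access control rules: permit HTTP from inside clients to the DMZ web
! server and to devices on the Internet. The two destinations are
! listed separately so each has its own hit counter.
access-list inside_access_in extended permit tcp 10.10.10.0 255.255.255.0 host 10.30.30.30 eq www
access-list inside_access_in extended permit tcp 10.10.10.0 255.255.255.0 any eq www
access-group inside_access_in in interface inside

! Once the ACL is bound to the inside interface, every other flow from
! inside (DNS, HTTPS, ...) is dropped by the implicit deny until it
! gets its own entry.

! Address translation rules: mark the private network as translatable
! under NAT ID 1.
nat (inside) 1 10.10.10.0 255.255.255.0

! Traffic destined for the DMZ web server: translate to an address from
! an IP pool on the DMZ network (constructed range).
global (dmz) 1 10.30.30.50-10.30.30.60 netmask 255.255.255.0

! Traffic destined for the Internet: translate to the public address of
! the outside interface (209.165.200.225), so the private addresses are
! never visible outside.
global (outside) 1 interface
```

On the appliance, `show xlate` lists the translations these rules create, and `show access-list inside_access_in` shows the hit count for each access rule.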
Figure 2-3 shows HTTP requests originating from the Internet and destined for the public IP address of the DMZ web server.
[Figure 2-2 labels, continued: internal IP address translated to address of outside interface; Internet; HTTP client]

PIX 515E Security Appliance Getting Started Guide
Example DMZ Network Topology
