Transparent Mode Overview
5.
6.
An Outside User Attempts to Access an Inside Host
Figure 5-12
Figure 5-12
The following steps describe how data moves through the FWSM (see
1.
2.
3.
4.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
5-16
The web server responds to the request; because the session is already established, the packet
bypasses the many lookups associated with a new connection.
The FWSM forwards the packet to the outside user.
shows an outside user attempting to access a host on the inside network.
Outside to Inside
Host
Internet
209.165.201.2
FWSM
Management IP
209.165.201.6
A user on the outside network attempts to reach an inside host.
The FWSM receives the packet and adds the source MAC address to the MAC address table, if
required. Because it is a new session, it verifies if the packet is allowed according to the terms of the
security policy (access lists, filters, AAA).
For multiple context mode, the FWSM first classifies the packet according to a unique interface.
The packet is denied, and the FWSM drops the packet.
If the outside user is attempting to attack the inside network, the FWSM employs many technologies
to determine if a packet is valid for an already established session.
Host
209.165.201.3
Chapter 5
Configuring the Firewall Mode
Figure
5-12):
OL-20748-01