Example DMZ Network Topology
Figure 6-1: Network Layout for DMZ Configuration Scenario (Cisco ASA 5505 Getting Started Guide)
[Figure labels]
• HTTP client: 192.168.1.2 (private address)
• Security appliance inside interface: 192.168.1.1 (private address)
• Security appliance outside interface: 209.165.200.225 (public address)
• Security appliance DMZ interface: 10.30.30.1 (private address)
• DMZ web server: private IP address 10.30.30.30, public IP address 209.165.200.226
This example scenario has the following characteristics:
• The web server is on the DMZ interface of the adaptive security appliance.
• HTTP clients on the private network can access the web server in the DMZ and can also communicate with devices on the Internet.
• Clients on the Internet are permitted HTTP access to the DMZ web server; all other traffic is denied.
• The network has one routable IP address that is publicly available: the outside interface of the adaptive security appliance (209.165.200.225).
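The traffic policy in the list above, written as a default-deny rule table and checked against a set of constructed test flows. This is an added example, not part of the Cisco guide; the /24 zone prefixes, the Internet test addresses, and the expectation that DMZ-initiated connections are denied are assumptions.

```python
import ipaddress

# Zone prefixes. The /24 lengths are assumptions; the page gives only host addresses.
ZONES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("10.30.30.0/24"),
}

# Permit rules read off the scenario's characteristics:
# (source zone, destination zone, destination host or None, TCP port or None).
# A flow that matches no rule is denied.
PERMITS = [
    ("inside", "dmz", "10.30.30.30", 80),            # private clients -> DMZ web server
    ("inside", "outside", None, None),               # private clients -> Internet
    ("outside", "outside", "209.165.200.226", 80),   # Internet -> web server's public IP
]

def zone_of(addr):
    """Name the zone an address belongs to; anything unlisted is 'outside'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

def evaluate(src, dst, dport):
    """Return 'permit' or 'deny' for a new TCP connection from src to dst:dport."""
    key = (zone_of(src), zone_of(dst))
    for src_zone, dst_zone, host, port in PERMITS:
        if key == (src_zone, dst_zone) and host in (None, dst) and port in (None, dport):
            return "permit"
    return "deny"

# Constructed test flows: (source, destination, TCP port, expected verdict).
EXPECTED = [
    ("192.168.1.2", "10.30.30.30", 80, "permit"),
    ("192.168.1.2", "198.51.100.7", 443, "permit"),
    ("203.0.113.9", "209.165.200.226", 80, "permit"),
    ("203.0.113.9", "209.165.200.226", 22, "deny"),
    ("203.0.113.9", "10.30.30.30", 80, "deny"),    # private address from outside
    ("203.0.113.9", "192.168.1.2", 80, "deny"),
    ("10.30.30.30", "192.168.1.2", 445, "deny"),   # assumption: not covered by the page
]

def mismatches():
    """Flows whose modelled verdict differs from the expected one."""
    return [f for f in EXPECTED if evaluate(f[0], f[1], f[2]) != f[3]]
```

The same flow list can serve as a checklist when probing the appliance after configuration: any observed verdict that differs from the expected column points to a rule or translation that does not match the intended policy.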
Figure 6-2 shows the outgoing traffic flow of HTTP requests from the private network to both the DMZ web server and the Internet.
Chapter 6
Scenario: DMZ Configuration
[Figure: HTTP client, Internet, HTTP server, DNS server]
78-17612-02