Cisco Systems ASA 5500 Home Security System User Manual


 
Chapter 6 Scenario: DMZ Configuration
Example DMZ Network Topology
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
78-17611-01
Figure 6-1 Network Layout for DMZ Configuration Scenario
This example scenario has the following characteristics:
- The web server is on the DMZ interface of the adaptive security appliance.
- HTTP clients on the private network can access the web server in the DMZ and can also communicate with devices on the Internet.
- Clients on the Internet are permitted HTTP access to the DMZ web server; all other traffic is denied.
- The network has two routable IP addresses that are publicly available: one for the outside interface of the adaptive security appliance (209.165.200.225), and one for the public IP address of the DMZ web server (209.165.200.226).
Figure 6-2 shows the outgoing traffic flow of HTTP requests from the private
network to both the DMZ web server and to the Internet.
[Figure 6-1 diagram labels: Internet; three HTTP clients on 10.10.10.0 (private address); security appliance with inside interface 10.10.10.0 (private address), outside interface 209.165.200.225 (public address), and DMZ interface 10.30.30.0 (private address); DMZ web server with private IP address 10.30.30.30 and public IP address 209.165.200.226.]
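
The access policy listed in the scenario characteristics can be written down as a small model and used to check intended flows before or after the appliance is configured. This is an added example, not code from the Cisco guide. The /24 prefix lengths, the function names, the sample client addresses, the choice that inside clients reach the web server by its private address, and the denial of flows the page does not mention are assumptions.

```python
from ipaddress import ip_address, ip_network

# Addresses from the scenario. The /24 prefix lengths are an assumption:
# the page gives only the network numbers 10.10.10.0 and 10.30.30.0.
INSIDE_NET = ip_network("10.10.10.0/24")
DMZ_NET = ip_network("10.30.30.0/24")
WEB_PRIVATE = ip_address("10.30.30.30")      # real address of the DMZ web server
WEB_PUBLIC = ip_address("209.165.200.226")   # address Internet clients connect to
HTTP = 80


def zone_of(addr):
    """Map an address to the interface it sits behind."""
    if addr in INSIDE_NET:
        return "inside"
    if addr in DMZ_NET:
        return "dmz"
    return "outside"


def evaluate(src, dst, dport):
    """Return (verdict, real_destination) for a new TCP connection."""
    src, dst = ip_address(src), ip_address(dst)
    src_zone = zone_of(src)
    if src_zone == "outside":
        # Internet clients get HTTP to the web server's public address only;
        # the static translation delivers it to the private DMZ address.
        if dst == WEB_PUBLIC and dport == HTTP:
            return "permit", WEB_PRIVATE
        return "deny", dst                   # "all other traffic is denied"
    if src_zone == "inside":
        if zone_of(dst) == "outside":
            return "permit", dst             # inside clients may reach the Internet
        if dst == WEB_PRIVATE and dport == HTTP:
            return "permit", dst             # inside clients may browse the DMZ server
    return "deny", dst                       # assumption: unlisted flows are dropped


# Constructed sample flows; client addresses come from documentation ranges.
SAMPLE_FLOWS = [
    ("10.10.10.5", "10.30.30.30", 80),       # inside -> DMZ web server
    ("10.10.10.5", "198.51.100.7", 80),      # inside -> Internet
    ("203.0.113.9", "209.165.200.226", 80),  # Internet -> public web address
    ("203.0.113.9", "209.165.200.226", 22),  # Internet -> web server, not HTTP
    ("203.0.113.9", "10.10.10.5", 80),       # Internet -> inside host
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", evaluate(*flow)[0])
```
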