Cisco Systems ASA 5500 Home Security System User Manual


 
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
78-17611-01
Chapter 6 Scenario: DMZ Configuration
Example DMZ Network Topology
Figure 6-2 Outgoing HTTP Traffic Flow from the Private Network
In Figure 6-2, the adaptive security appliance permits HTTP traffic originating
from inside clients and destined for both the DMZ web server and devices on the
Internet. To permit the traffic through, the adaptive security appliance
configuration includes the following:
• Access control rules permitting traffic destined for the DMZ web server and
  for devices on the Internet.
• Address translation rules translating private IP addresses so that the private
  addresses are not visible to the Internet.
  - For traffic destined for the DMZ web server, private IP addresses are
    translated to an address from an IP pool.
  - For traffic destined for the Internet, private IP addresses are translated to the
    public IP address of the adaptive security appliance. Outgoing traffic appears
    to come from this address.
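An added example, not part of the Cisco guide: a Python check that audits flow records, as seen after translation, against the two translation rules and the access rule described above. The record fields, the /24 prefix, the pool range 10.30.30.50 to 10.30.30.60, the HTTP-only rule and the sample flows are assumptions constructed for illustration; the remaining addresses are those shown in Figure 6-2.

```python
import ipaddress

# Addresses taken from Figure 6-2.
DMZ_SERVER = ipaddress.ip_address("10.30.30.30")
OUTSIDE_IF = ipaddress.ip_address("209.165.200.225")
# Assumptions: /24 prefix for the private network, and the IP pool range.
INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")
POOL_FIRST = ipaddress.ip_address("10.30.30.50")
POOL_LAST = ipaddress.ip_address("10.30.30.60")

def audit_flow(flow):
    """Return the policy findings for one flow as seen after translation."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    findings = []
    if flow["dport"] != 80:  # assumption: the access rules permit HTTP only
        findings.append("port not covered by the HTTP access rule")
    if src in INSIDE_NET:
        findings.append("private source address left untranslated")
    elif flow["egress"] == "outside" and src != OUTSIDE_IF:
        findings.append("source is not the outside interface address")
    elif flow["egress"] == "dmz" and not POOL_FIRST <= src <= POOL_LAST:
        findings.append("source is not from the IP pool")
    if flow["egress"] == "dmz" and dst != DMZ_SERVER:
        findings.append("DMZ destination is not the web server")
    return findings

def audit(flows):
    """Map the index of each non-compliant flow to its findings."""
    report = {}
    for index, flow in enumerate(flows):
        findings = audit_flow(flow)
        if findings:
            report[index] = findings
    return report

# Constructed sample records (egress interface, post-NAT source, destination).
SAMPLE_FLOWS = [
    {"egress": "outside", "src": "209.165.200.225", "dst": "198.51.100.10", "dport": 80},
    {"egress": "dmz", "src": "10.30.30.51", "dst": "10.30.30.30", "dport": 80},
    {"egress": "outside", "src": "10.10.10.15", "dst": "198.51.100.10", "dport": 80},
    {"egress": "dmz", "src": "10.10.10.15", "dst": "10.30.30.30", "dport": 80},
    {"egress": "dmz", "src": "10.30.30.52", "dst": "10.30.30.30", "dport": 22},
]

if __name__ == "__main__":
    for index, findings in audit(SAMPLE_FLOWS).items():
        print(index, SAMPLE_FLOWS[index]["src"], "->", "; ".join(findings))
```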
Figure 6-3 shows HTTP requests originating from the Internet and destined for
the public IP address of the DMZ web server.
[Figure 6-2 diagram labels: Internet; HTTP clients; Security Appliance; HTTP request; DMZ network; DMZ Web Server (private IP address: 10.30.30.30, public IP address: 209.165.200.226); internal IP address translated to address from IP pool; internal IP address translated to address of outside interface; 10.10.10.0 (private address); outside interface 209.165.200.225 (public address).]