Cisco Systems ASA 5500 Home Security System User Manual


 
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
78-17611-01
Chapter 6 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
This configuration procedure assumes that the adaptive security appliance already
has interfaces configured for the inside interface, the DMZ interface, and the
outside interface. Set up interfaces of the adaptive security appliance by using the
Startup Wizard in ASDM. Be sure that the DMZ interface security level is set
between 0 and 100. (A common choice is 50.)
For more information about using the Startup Wizard, see Chapter 5,
“Configuring the Adaptive Security Appliance.”
The section includes the following topics:
Configuration Requirements
Starting ASDM
Creating IP Pools for Network Address Translation
Configuring NAT for Inside Clients to Communicate with the DMZ Web Server
Configuring NAT for Inside Clients to Communicate with Devices on the Internet
Configuring an External Identity for the DMZ Web Server
Providing Public HTTP Access to the DMZ Web Server
The following sections provide detailed instructions for how to perform each step.
Configuration Requirements
Configuring the adaptive security appliance for this DMZ deployment requires the
following configuration tasks:
For the internal clients to have HTTP access to the DMZ web server, you must
create a pool of IP addresses for address translation and identify which clients
should use addresses from the pool. To accomplish this task, you should
configure the following:
A pool of IP addresses for the DMZ interface. In this scenario, the IP pool
is 10.30.30.50–10.30.30.60.
A dynamic NAT translation rule for the inside interface that specifies
which client IP addresses can be assigned an address from the IP pool.
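The following simplified model is an added example, not code from the guide or from the appliance. It shows how the two items above interact: the rule decides which inside clients are eligible, and the pool bounds how many can hold a translation at once. The inside network 10.10.10.0/24, the in-order assignment, and all function and class names are assumptions made for illustration.

```python
import ipaddress

def build_pool(first, last):
    """Expand an inclusive range such as 10.30.30.50-10.30.30.60 into addresses."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("pool range is reversed")
    return [ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1)]

class DynamicNat:
    """Model of a dynamic NAT rule bound to an address pool (not ASA code)."""

    def __init__(self, pool, eligible_net):
        self.free = list(pool)              # unassigned pool addresses, handed out in order
        self.eligible = ipaddress.ip_network(eligible_net)
        self.xlate = {}                     # real address -> mapped address

    def translate(self, client):
        """Return (status, mapped_address) for one inside client."""
        real = ipaddress.IPv4Address(client)
        if real not in self.eligible:
            return ("not-eligible", None)   # the rule does not cover this client
        if real in self.xlate:
            return ("translated", self.xlate[real])   # reuse the existing mapping
        if not self.free:
            return ("pool-exhausted", None)           # every pool address is in use
        self.xlate[real] = self.free.pop(0)
        return ("translated", self.xlate[real])

    def release(self, client):
        """Return a client's mapped address to the pool (translation ended)."""
        mapped = self.xlate.pop(ipaddress.IPv4Address(client), None)
        if mapped is not None:
            self.free.append(mapped)

def demo():
    pool = build_pool("10.30.30.50", "10.30.30.60")   # range from this scenario
    nat = DynamicNat(pool, "10.10.10.0/24")           # assumed inside network
    # Twelve constructed inside clients request a translation, one more than the pool holds.
    results = [nat.translate(f"10.10.10.{h}") for h in range(1, 13)]
    return len(pool), results

if __name__ == "__main__":
    size, results = demo()
    print("pool size:", size)
    for status, mapped in results:
        print(status, mapped)
```

The range in this scenario holds 11 addresses, so in this model the twelfth simultaneous client gets no translation until an earlier one is released.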