Cisco Security Appliance Command Line Configuration Guide
OL-12172-01
Chapter 15 Firewall Mode Overview
Routed Mode Overview
3. The security appliance translates the local source address (10.1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet.
   The global address could be on any subnet, but routing is simplified when it is on the outside interface subnet.
4. The security appliance then records that a session is established and forwards the packet from the outside interface.
5. When www.example.com responds to the request, the packet goes through the security appliance, and because the session is already established, the packet bypasses the many lookups associated with a new connection. The security appliance performs NAT by translating the global destination address to the local user address, 10.1.2.27.
6. The security appliance forwards the packet to the inside user.
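The following is an added illustration of steps 3 through 6, not code from the Cisco guide and not how the appliance is implemented. It models the translation and session record with the addresses from the steps. The class and function names, the port numbers, the 198.51.100.5 address standing in for www.example.com, the /24 inside prefix, the port-preserving translation, and the drop of any inbound packet without a session (that is, no access list permits it) are all assumptions.

```python
from dataclasses import dataclass

GLOBAL_ADDR = "209.165.201.10"  # global address from step 3
INSIDE_NET = "10.1.2."          # inside subnet prefix (assumed /24)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNat:
    """Toy model (hypothetical): one global address, sessions keyed by flow."""

    def __init__(self):
        # (remote addr, remote port, global addr, global port) -> local endpoint
        self.sessions = {}

    def outbound(self, pkt):
        """Steps 3-4: translate the source, record the session, forward."""
        if not pkt.src.startswith(INSIDE_NET):
            return None  # not an inside host, nothing to translate
        out = Packet(GLOBAL_ADDR, pkt.sport, pkt.dst, pkt.dport)
        self.sessions[(out.dst, out.dport, out.src, out.sport)] = (pkt.src, pkt.sport)
        return out

    def inbound(self, pkt):
        """Steps 5-6: a reply that matches a session is untranslated and forwarded."""
        local = self.sessions.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if local is None:
            return None  # assumption: no session and no permitting rule, so dropped
        return Packet(pkt.src, pkt.sport, local[0], local[1])


def demo():
    fw = StatefulNat()
    web = "198.51.100.5"  # constructed address standing in for www.example.com
    sent = fw.outbound(Packet("10.1.2.27", 40000, web, 80))
    reply = fw.inbound(Packet(web, 80, sent.src, sent.sport))
    # Same global address and port, but from a host the user never contacted.
    stray = fw.inbound(Packet("203.0.113.9", 80, sent.src, sent.sport))
    return sent, reply, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third packet shows why the session record matters: it targets the same global address and port as the legitimate reply, but it matches no recorded flow and is not delivered to 10.1.2.27.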
An Outside User Visits a Web Server on the DMZ
Figure 15-2 shows an outside user accessing the DMZ web server.
Figure 15-2 Outside to DMZ
The following steps describe how data moves through the security appliance (see Figure 15-2):
1. A user on the outside network requests a web page from the DMZ web server using the global
destination address of 209.165.201.3, which is on the outside interface subnet.
[Figure 15-2 labels: User 209.165.201.2 (Outside); Web Server 10.1.1.3 (DMZ); Inside; addresses 10.1.1.1 and 10.1.2.1; Dest Addr Translation 209.165.201.3 -> 10.1.1.13]