Cisco Security Appliance Command Line Configuration Guide
OL-12172-01
Chapter 15 Firewall Mode Overview
Routed Mode Overview
The following steps describe how data moves through the security appliance (see Figure 15-3):
1. A user on the inside network requests a web page from the DMZ web server using the destination address of 10.1.1.3.
2. The security appliance receives the packet and because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA).
   For multiple context mode, the security appliance first classifies the packet according to either a unique interface or a unique destination address associated with a context; the destination address is associated by matching an address translation in a context. In this case, the interface is unique; the web server IP address does not have a current address translation.
3. The security appliance then records that a session is established and forwards the packet out of the DMZ interface.
4. When the DMZ web server responds to the request, the packet goes through the fast path, which lets the packet bypass the many lookups associated with a new connection.
5. The security appliance forwards the packet to the inside user.
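The steps above, as a simplified model added here for illustration (not code from the Cisco guide, and not how the appliance is implemented). The ACL, route table, port numbers and the inside subnet 10.1.2.0/24 are constructed assumptions; only 10.1.1.3 comes from the steps, and 10.1.2.27 from the figure labels.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int

# Constructed policy and routing (assumptions, not taken from the guide).
ACL = [("inside", "10.1.2.0/24", "10.1.1.3/32", 80)]  # ingress, src, dst, dst port
ROUTES = {"10.1.1.0/24": "dmz", "10.1.2.0/24": "inside"}

class Appliance:
    def __init__(self):
        # (ingress if, src, sport, dst, dport) -> egress interface
        self.sessions = {}

    def _permitted(self, p):
        return any(p.in_if == ifc and ip_address(p.src) in ip_network(s)
                   and ip_address(p.dst) in ip_network(d) and p.dport == port
                   for ifc, s, d, port in ACL)

    def _egress(self, dst):
        return next((ifc for net, ifc in ROUTES.items()
                     if ip_address(dst) in ip_network(net)), None)

    def handle(self, p):
        key = (p.in_if, p.src, p.sport, p.dst, p.dport)
        if key in self.sessions:              # steps 4-5: fast path, no policy lookup
            return "fast-path", self.sessions[key]
        if not self._permitted(p):            # step 2: new session, check policy
            return "drop", None
        out_if = self._egress(p.dst)
        if out_if is None:
            return "drop", None
        self.sessions[key] = out_if           # step 3: record the session
        # Return traffic matches only if it arrives on the egress interface.
        self.sessions[(out_if, p.dst, p.dport, p.src, p.sport)] = p.in_if
        return "new-session", out_if

def demo():
    fw = Appliance()
    return [fw.handle(Packet(*a)) for a in (
        ("inside", "10.1.2.27", 40000, "10.1.1.3", 80),    # step 1 request
        ("dmz", "10.1.1.3", 80, "10.1.2.27", 40000),       # step 4 reply
        ("dmz", "10.1.1.3", 80, "10.1.2.27", 40001),       # no matching session
        ("outside", "10.1.1.3", 80, "10.1.2.27", 40000),   # same tuple, wrong interface
    )]

if __name__ == "__main__":
    print(demo())
```

Because the session key includes the ingress interface, the last two packets fall back to the policy check and are dropped: only the reply to the recorded session takes the fast path.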
An Outside User Attempts to Access an Inside Host
Figure 15-4 shows an outside user attempting to access the inside network.
Figure 15-4 Outside to Inside
[Figure: network diagram. Labels: www.example.com; User 10.1.2.27; 209.165.201.2; 10.1.1.1; 10.1.2.1; Outside; Inside; DMZ.]