An Inside User Visits A Web Server - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Transparent Mode Overview
This section describes how data moves through the security appliance, and includes the following topics:

An Inside User Visits a Web Server
An Outside User Visits a Web Server on the Inside Network
An Outside User Attempts to Access an Inside Host

An Inside User Visits a Web Server

Figure 15-9 shows an inside user accessing an outside web server.

Figure 15-9 Inside to Outside
[Figure labels: www.example.com; Internet; 209.165.201.2; Management IP 209.165.201.6; Host 209.165.201.3]

The following steps describe how data moves through the security appliance (see Figure 15-9):

1. The user on the inside network requests a web page from www.example.com.

2. The security appliance receives the packet and adds the source MAC address to the MAC address table, if required. Because it is a new session, it verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA).

   For multiple context mode, the security appliance first classifies the packet according to a unique interface.

3. The security appliance records that a session is established.

4. If the destination MAC address is in its table, the security appliance forwards the packet out of the outside interface. The destination MAC address is that of the upstream router, 209.186.201.2.

   If the destination MAC address is not in the security appliance table, the security appliance attempts to discover the MAC address by sending an ARP request and a ping. The first packet is dropped.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
Chapter 15, Firewall Mode Overview, page 15-12
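The steps above, as an added example that is not part of the Cisco guide or of any Cisco code: a simplified Python model of steps 2 to 4, showing why the first packet toward an unlearned destination MAC is dropped and the retransmission is forwarded. The class and method names, the MAC addresses and the web server address 198.51.100.10 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class TransparentFirewall:
    """Toy model of the page's steps 2-4; not Cisco's implementation."""
    policy: set                                      # permitted (src_ip, dst_ip, dst_port)
    mac_table: dict = field(default_factory=dict)    # MAC address -> interface
    sessions: set = field(default_factory=set)       # established flows
    probes: list = field(default_factory=list)       # MACs we tried to discover

    def receive(self, in_if, src_mac, dst_mac, src_ip, dst_ip, dst_port):
        # Step 2: add the source MAC to the table, if required.
        self.mac_table.setdefault(src_mac, in_if)
        flow = (src_ip, dst_ip, dst_port)
        if flow not in self.sessions:
            # Step 2: a new session must be allowed by the security policy.
            if flow not in self.policy:
                return "drop: denied by policy"
            # Step 3: record that a session is established.
            self.sessions.add(flow)
        # Step 4: forward only when the destination MAC is already known.
        out_if = self.mac_table.get(dst_mac)
        if out_if is None:
            # Unknown MAC: the page says ARP request + ping, first packet dropped.
            self.probes.append(dst_mac)
            return "drop: destination MAC unknown"
        return "forward: " + out_if

    def discovery_reply(self, in_if, mac):
        # The probe was answered, so the MAC is now tied to an interface.
        self.mac_table[mac] = in_if

def demo():
    # Constructed sample values: MACs and the web server address are invented;
    # the host address is taken from the figure labels.
    host, web = "209.165.201.3", "198.51.100.10"
    host_mac, router_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    fw = TransparentFirewall(policy={(host, web, 80)})
    results = [fw.receive("inside", host_mac, router_mac, host, web, 80)]
    fw.discovery_reply("outside", router_mac)
    results.append(fw.receive("inside", host_mac, router_mac, host, web, 80))
    results.append(fw.receive("inside", host_mac, router_mac, host, web, 23))
    return results, fw

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The model follows the page's step order, so the session is recorded before the MAC lookup; a flow that is not in the policy never reaches the lookup at all.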


This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series
