Providing Public Http Access To The Dmz Web Server - Cisco ASA 5505 Getting Started Manual

Chapter 6 Scenario: DMZ Configuration

Providing Public HTTP Access to the DMZ Web Server

Step 1
Step 2
78-18003-02
By default, the adaptive security appliance denies all traffic coming in from the
public network. To permit traffic coming from the Internet to access the DMZ
web server, you must configure an access control rule permitting incoming HTTP
traffic destined for the DMZ web server.
This access control rule specifies the interface of the adaptive security appliance
that processes the traffic, that the traffic is incoming, the origin and destination of
the traffic, and the type of traffic protocol and service to be permitted.
In this section, you create an access rule that permits incoming HTTP traffic
originating from any host or network on the Internet, if the destination of the
traffic is the web server on the DMZ network. All other traffic coming in from the
public network is denied.
To configure the access control rule, perform the following steps:
In the main ASDM window, do the following:
Click the Configuration tool.
a.
In the Firewall pane, click Access Rules.
b.
Click the green plus icon, then choose Add Access Rule.
c.
The Add Access Rule dialog box appears.
In the Add Access Rule dialog box, do the following:
From the Interface pull-down list, choose Outside.
a.
Click the Permit Action radio button.
b.
In the Source field, enter Any.
c.
In the Destination field, enter the public IP address of the web server
d.
(209.165.200.225).
In the Service field, enter TCP.
e.
Click More Options.
f.
If you want the Access Control rule to be enabled immediately, check the
g.
Enable Rule check box.
Next to Traffic Direction, click In.
h.
In the Source Service field, enter tcp/http.
i.
Configuring the Security Appliance for a DMZ Deployment
ASA 5505 Getting Started Guide
6-25