Advertisement
Step 4: Provide HTTP Access to the DMZ Web Server
By default, the security appliance denies all traffic coming in from the public network. You must create
access control rules on the security appliance to allow specific traffic types from the public network
through the security appliance to resources in the DMZ.
To configure an access control rule that allows HTTP traffic through the security appliance so that any
client on the Internet can access a web server inside the DMZ, complete the following steps:
1. In the ASDM window:
c. Click the Configuration button.
d. Choose the Security Policy button on the left side of the ASDM screen.
e. In the table, choose Add.
2. In the Add Rule window:
a. Under Action, choose permit from the drop-down menu to allow traffic through the security
appliance.
b. Under Source Host/Network, click the IP Address radio button.
c. Choose outside from the Interface drop-down menu.
d. Enter the IP address of the Source Host/Network information. (Use 0.0.0.0 to allow traffic
originating from any host or network.)
e. Under Destination Host/Network, click the IP Address radio button.
f. Choose the dmz interface from the Interface drop-down menu.
g. In the IP address field, enter the IP address of the destination host or network, such as a web
server. (In this scenario, the IP address of the web server is 30.30.30.30.)
h. Choose 255.255.255.255 from the Mask drop-down menu.
Alternatively, you can select the Hosts/Networks in both cases by clicking the
Note
respective Browse buttons.
16
Advertisement
