Cisco ASA 5505 Getting Started Manual page 63

Chapter 6 Scenario: DMZ Configuration
Step 2
Step 3
Step 4
HTTP client
inside interface
192.168.1.1
(private address)
192.168.1.2
(private address)
Step 5
78-17612-02
From the Add drop-down list, choose Add Static NAT Rule.
The Add Static NAT Rule dialog box appears.
In the Real Address area, specify the following:
From the Interface drop-down list, choose the DMZ interface.
a.
Enter the real IP address of the DMZ web server. In this scenario, the IP
b.
address is 10.30.30.30.
From the Netmask drop-down list, choose 255.255.255.255.
c.
In the Static Translation area, specify the public IP address to be used for the web
server:
From the Interface drop-down list, choose Outside.
a.
From the IP Address drop-down list, choose the Interface IP keyword, which
b.
is the IP address for the specified outside interface, in this case.
Security
Appliance
outside interface
209.165.200.225
(public address)
DMZ interface
10.30.30.1
(private address)
DMZ Web Private IP address: 10.30.30.30
Server Public IP address: 209.165.200.226
Configure Port Address Translation.
Because there is only one public IP address, it is necessary to use Port Address
Translation to translate the IP address of the DMZ web server to the public outside
IP address of the adaptive security appliance. To configure Port Address
Translation, perform the following steps:
Check the Enable Port Address Translation (PAT) check box.
a.
From the Protocol drop-down list, choose tcp.
b.
In the Original Port field, enter 80.
c.
Configuring the Security Appliance for a DMZ Deployment
Internet
DNS
server
Cisco ASA 5505 Getting Started Guide
HTTP client
HTTP server
6-13