An Inside User Visits A Web Server - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Transparent Mode Overview
An Inside User Visits a Web Server
Figure 15-8
Figure 15-8
The following steps describe how data moves through the security appliance (see
1.
2.
3.
4.
5.
6.
Cisco Security Appliance Command Line Configuration Guide
15-12
shows an inside user accessing an outside web server.
Inside to Outside
www.example.com
Internet
209.165.201.2
The user on the inside network requests a web page from www.example.com.
The security appliance receives the packet and adds the source MAC address to the MAC address
table, if required. Because it is a new session, it verifies that the packet is allowed according to the
terms of the security policy (access lists, filters, AAA).
For multiple context mode, the security appliance first classifies the packet according to a unique
interface.
The security appliance records that a session is established.
If the destination MAC address is in its table, the security appliance forwards the packet out of the
outside interface. The destination MAC address is that of the upstream router, 209.186.201.2.
If the destination MAC address is not in the security appliance table, the security appliance attempts
to discover the MAC address by sending an ARP request and a ping. The first packet is dropped.
The web server responds to the request; because the session is already established, the packet
bypasses the many lookups associated with a new connection.
The security appliance forwards the packet to the inside user.
Management IP
209.165.201.6
Host
209.165.201.3
Chapter 15
Firewall Mode Overview
Figure
15-8):
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
