An Inside User Visits A Web Server - Cisco ASA 5505 Configuration Manual

Chapter 5 Configuring the Transparent or Routed Firewall

An Inside User Visits a Web Server

Figure 5-2
Figure 5-2
Source Addr Translation
10.1.2.27
The following steps describe how data moves through the adaptive security appliance (see
1.
2.
3.
4.
OL-20339-01
shows an inside user accessing an outside web server.
Inside to Outside
209.165.201.10
Inside
User
10.1.2.27
The user on the inside network requests a web page from www.example.com.
The adaptive security appliance receives the packet and because it is a new session, the adaptive
security appliance verifies that the packet is allowed according to the terms of the security policy
(access lists, filters, AAA).
For multiple context mode, the adaptive security appliance first classifies the packet according to
either a unique interface or a unique destination address associated with a context; the destination
address is associated by matching an address translation in a context. In this case, the interface
would be unique; the www.example.com IP address does not have a current address translation in a
context.
The adaptive security appliance translates the local source address (10.1.2.27) to the global address
209.165.201.10, which is on the outside interface subnet.
The global address could be on any subnet, but routing is simplified when it is on the outside
interface subnet.
The adaptive security appliance then records that a session is established and forwards the packet
from the outside interface.
www.example.com
Outside
209.165.201.2
10.1.2.1 10.1.1.1
DMZ
Web Server
10.1.1.3
Cisco ASA 5500 Series Configuration Guide using ASDM
Firewall Mode Examples
Figure 5-2):
5-15