A Dmz User Attempts To Access An Inside Host - Cisco ASA 5505 Configuration Manual

Chapter 5
Configuring the Transparent or Routed Firewall

Firewall Mode Examples
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01

If the outside user is attempting to attack the inside network, the adaptive security appliance employs many technologies to determine if a packet is valid for an already established session.

A DMZ User Attempts to Access an Inside Host

Figure 5-6 shows a user in the DMZ attempting to access the inside network.

Figure 5-6 DMZ to Inside
[Network diagram: Outside 209.165.201.2; Inside 10.1.2.1; DMZ 10.1.1.1; Inside User 10.1.2.27; Web Server 10.1.1.3]

The following steps describe how data moves through the adaptive security appliance (see Figure 5-6):

1. A user on the DMZ network attempts to reach an inside host. Because the DMZ does not have to route the traffic on the Internet, the private addressing scheme does not prevent routing.

2. The adaptive security appliance receives the packet and because it is a new session, the adaptive security appliance verifies if the packet is allowed according to the security policy (access lists, filters, AAA).
   The packet is denied, and the adaptive security appliance drops the packet and logs the connection attempt.
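
The drop-and-log outcome in step 2 is what a defender sees in the appliance's syslog. The following Python code is an added example, not part of the Cisco manual: it parses access-list deny messages (syslog ID 106023) and summarizes denied DMZ-to-inside attempts. The log lines are constructed, and the interface names "dmz", "inside" and "outside" and the ACL names are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the manual). Addresses follow
# Figure 5-6; interface names dmz/inside/outside and the ACL names
# "dmz_in"/"outside_in" are assumed.
SAMPLE_LOG = """\
Mar 03 10:15:01 asa %ASA-4-106023: Deny tcp src dmz:10.1.1.3/41822 dst inside:10.1.2.27/445 by access-group "dmz_in" [0x0, 0x0]
Mar 03 10:15:02 asa %ASA-4-106023: Deny tcp src dmz:10.1.1.3/41823 dst inside:10.1.2.27/3389 by access-group "dmz_in" [0x0, 0x0]
Mar 03 10:15:04 asa %ASA-4-106023: Deny icmp src dmz:10.1.1.3 dst inside:10.1.2.27 (type 8, code 0) by access-group "dmz_in" [0x0, 0x0]
Mar 03 10:15:09 asa %ASA-4-106023: Deny tcp src outside:209.165.201.2/50211 dst dmz:10.1.1.3/22 by access-group "outside_in" [0x0, 0x0]
Mar 03 10:15:11 asa %ASA-6-302013: Built inbound TCP connection 88 for outside:209.165.201.2/50212 (209.165.201.2/50212) to dmz:10.1.1.3/80 (10.1.1.3/80)
"""

# 106023 is the message logged when an access list denies a packet.
# Ports are optional because ICMP denies carry type/code instead.
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r".*? by access-group \"(?P<acl>[^\"]+)\""
)

def parse_denies(log_text):
    """Return one dict per 106023 deny line; other messages are skipped."""
    return [m.groupdict() for m in map(DENY_RE.search, log_text.splitlines()) if m]

def dmz_to_inside_attempts(log_text, src_if="dmz", dst_if="inside"):
    """Count denied attempts per (source, destination) pair crossing from
    src_if to dst_if, and collect the (protocol, port) targets tried."""
    counts, targets = Counter(), {}
    for d in parse_denies(log_text):
        if d["src_if"] != src_if or d["dst_if"] != dst_if:
            continue
        key = (d["src_ip"], d["dst_ip"])
        counts[key] += 1
        port = int(d["dst_port"]) if d["dst_port"] else None
        targets.setdefault(key, set()).add((d["proto"], port))
    return counts, targets

if __name__ == "__main__":
    counts, targets = dmz_to_inside_attempts(SAMPLE_LOG)
    for (src, dst), n in counts.items():
        tried = sorted(targets[(src, dst)], key=str)
        print(f"{src} -> {dst}: {n} denied attempts, targets {tried}")
```

Repeated denies from a single DMZ address toward inside hosts, especially across several ports, are worth triaging as a possible compromise of the DMZ server.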
