An Inside User Visits A Web Server - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 15
Firewall Mode Overview

An Outside User Attempts to Access an Inside Host
A DMZ User Attempts to Access an Inside Host

An Inside User Visits a Web Server

Figure 15-2 shows an inside user accessing an outside web server.

[Figure 15-2: Inside to Outside. Diagram labels: Outside: www.example.com, 209.165.201.2; Inside: 10.1.2.1, User 10.1.2.27; DMZ: 10.1.1.1, Web Server 10.1.1.3; Source Addr Translation: 10.1.2.27 to 209.165.201.10.]

The following steps describe how data moves through the security appliance (see Figure 15-2):

1. The user on the inside network requests a web page from www.example.com.

2. The security appliance receives the packet and because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA).

   For multiple context mode, the security appliance first classifies the packet according to either a unique interface or a unique destination address associated with a context; the destination address is associated by matching an address translation in a context. In this case, the interface would be unique; the www.example.com IP address does not have a current address translation in a context.

3. The security appliance translates the local source address (10.1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet.

   The global address could be on any subnet, but routing is simplified when it is on the outside interface subnet.
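The three steps above, modeled in Python as an added example (not code from the Cisco guide): a new session is checked against the policy using the local source address, and only then is the source translated to the global address. The ACL contents, the context name, the session table and the destination address 198.51.100.7 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    ingress: str  # interface the packet arrived on

class Appliance:
    """Toy model of steps 1-3; an illustration, not Cisco code."""
    def __init__(self):
        # Constructed policy: inside hosts may open HTTP sessions.
        self.acl = [(ipaddress.ip_network("10.1.2.0/24"), 80)]
        # Constructed context table (multiple context mode): interface -> context.
        self.contexts = {"inside": "context-a"}
        self.global_addr = "209.165.201.10"  # global address from the page
        self.sessions = set()  # flows already admitted (assumed session table)
        self.xlate = {}        # local address -> global address

    def classify(self, pkt):
        # The destination has no translation in any context, so only the
        # unique ingress interface can select the context.
        return self.contexts.get(pkt.ingress)

    def permitted(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        return any(src in net and pkt.dport == port for net, port in self.acl)

    def process(self, pkt):
        if self.classify(pkt) is None:
            return "drop:no-context", None
        flow = (pkt.src, pkt.dst, pkt.dport)
        # Step 2: only a new session is checked against the policy, and the
        # check sees the local (untranslated) source address.
        if flow not in self.sessions:
            if not self.permitted(pkt):
                return "drop:policy", None
            self.sessions.add(flow)
        # Step 3: translate the local source to the global address.
        self.xlate[pkt.src] = self.global_addr
        return "forward", replace(pkt, src=self.global_addr)

def demo():
    fw = Appliance()
    web = Packet("10.1.2.27", "198.51.100.7", 80, "inside")  # constructed destination
    telnet = replace(web, dport=23)  # same host, port not in the policy
    return fw.process(web), fw.process(telnet), fw.xlate
```

Because the policy check runs before translation, rules on the inside interface must match the local address 10.1.2.27, not the global address 209.165.201.10.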
Cisco Security Appliance Command Line Configuration Guide (OL-10088-01), Routed Mode Overview


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series