Cisco ASA Series Cli Configuration Manual page 151
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring the Transparent or Routed Firewall
An Inside User Visits a Web Server
Figure 1-3
Figure 1-3
Source Addr Translation
10.1.2.27
The following steps describe how data moves through the ASA (see
1.
2.
3.
4.
5.
6.
shows an inside user accessing an outside web server.
Inside to Outside
209.165.201.10
Inside
User
10.1.2.27
The user on the inside network requests a web page from www.example.com.
The ASA receives the packet and because it is a new session, the ASA verifies that the packet is
allowed according to the terms of the security policy (access lists, filters, AAA).
For multiple context mode, the ASA first classifies the packet to a context.
The ASA translates the local source address (10.1.2.27) to the global address 209.165.201.10, which
is on the outside interface subnet.
The global address could be on any subnet, but routing is simplified when it is on the outside
interface subnet.
The ASA then records that a session is established and forwards the packet from the outside
interface.
When www.example.com responds to the request, the packet goes through the ASA, and because
the session is already established, the packet bypasses the many lookups associated with a new
connection. The ASA performs NAT by untranslating the global destination address to the local user
address, 10.1.2.27.
The ASA forwards the packet to the inside user.
www.example.com
Outside
209.165.201.2
10.1.2.1
10.1.1.1
DMZ
Web Server
10.1.1.3
Cisco ASA Series CLI Configuration Guide
Firewall Mode Examples
Figure
1-3):
1-15
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
