Example DMZ Network Topology
Figure 6-1 Network Layout for DMZ Configuration Scenario
[Figure labels: HTTP clients on the inside interface, 10.10.10.0 (private address); security appliance; outside interface, 209.165.200.225 (public address); DMZ interface, 10.30.30.0 (private address); DMZ web server, private IP address 10.30.30.30, public IP address 209.165.200.226.]
Cisco ASA 5505 Getting Started Guide
This example scenario has the following characteristics:
• The web server is on the DMZ interface of the adaptive security appliance.
• HTTP clients on the private network can access the web server in the DMZ and can also communicate with devices on the Internet.
• Clients on the Internet are permitted HTTP access to the DMZ web server; all other traffic is denied.
• The network has two routable IP addresses that are publicly available: one for the outside interface of the adaptive security appliance (209.165.200.225), and one for the public IP address of the DMZ web server (209.165.200.226).
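The characteristics listed above, written as a small policy model that can be compared against what a device actually permitted. This is an added example, not part of the Cisco guide or of the appliance's configuration; the /24 masks, TCP port 80 for HTTP, the deny for DMZ-initiated traffic, the function names `decide` and `violations`, and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Addresses from the scenario. The /24 masks are an assumption: the page
# gives only the network numbers 10.10.10.0 and 10.30.30.0.
INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")
DMZ_NET = ipaddress.ip_network("10.30.30.0/24")
WEB_PRIVATE = ipaddress.ip_address("10.30.30.30")
WEB_PUBLIC = ipaddress.ip_address("209.165.200.226")
HTTP = ("tcp", 80)  # assumption: "HTTP access" means TCP port 80


def decide(ingress, dst, proto, port):
    """Return (verdict, real_destination) for a new connection arriving on `ingress`."""
    dst = ipaddress.ip_address(dst)
    service = (proto.lower(), port)
    if ingress == "outside":
        # Internet clients reach only the published address, only over HTTP;
        # the appliance maps it to the server's private address.
        if dst == WEB_PUBLIC and service == HTTP:
            return "permit", str(WEB_PRIVATE)
        return "deny", None
    if ingress == "inside":
        if dst in DMZ_NET:
            # Conservative reading: only HTTP to the web server is needed.
            ok = dst == WEB_PRIVATE and service == HTTP
            return ("permit", str(dst)) if ok else ("deny", None)
        if dst not in INSIDE_NET:
            return "permit", str(dst)  # devices on the Internet
    # DMZ-initiated traffic is not described on the page; this model denies it.
    return "deny", None


def violations(observed):
    """Flows the device permitted although the intended policy denies them."""
    return [f for f in observed
            if f["action"] == "permit"
            and decide(f["ingress"], f["dst"], f["proto"], f["port"])[0] == "deny"]


# Constructed sample flows (not taken from a real device log).
SAMPLE = [
    {"ingress": "outside", "dst": "209.165.200.226", "proto": "tcp", "port": 80, "action": "permit"},
    {"ingress": "outside", "dst": "209.165.200.226", "proto": "tcp", "port": 22, "action": "permit"},
    {"ingress": "outside", "dst": "209.165.200.225", "proto": "tcp", "port": 80, "action": "deny"},
    {"ingress": "inside", "dst": "10.30.30.30", "proto": "tcp", "port": 80, "action": "permit"},
    {"ingress": "inside", "dst": "198.51.100.7", "proto": "udp", "port": 53, "action": "permit"},
    {"ingress": "dmz", "dst": "10.10.10.5", "proto": "tcp", "port": 445, "action": "permit"},
]

if __name__ == "__main__":
    for flow in violations(SAMPLE):
        print("policy violation:", flow)
```

Of the constructed flows, the two that the model flags are the permitted SSH connection to the published address and the permitted DMZ-to-inside connection.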
Figure 6-2 shows the outgoing traffic flow of HTTP requests from the private network to both the DMZ web server and to the Internet.
Chapter 6
Scenario: DMZ Configuration
78-17612-01