Starting Asdm - Cisco ASA 5505 Getting Started Manual

Configuring the Security Appliance for a DMZ Deployment

Starting ASDM

Cisco ASA 5505 Getting Started Guide
6-6
To accomplish this task, you should configure a PAT translation rule (port
address translation rule, sometimes called an interface NAT) for the internal
interface that translates internal IP addresses to the external IP address of the
adaptive security appliance.
In this scenario, the internal address to be translated is that of a subnet of the
private network (10.10.10.0). Addresses from this subnet translated to the
public address of the adaptive security appliance (209.165.200.225).
For external clients to have HTTP access to the DMZ web server, you must
•
configure an external identity for the DMZ web server and an access rule that
permits HTTP requests coming from clients on the Internet. To accomplish
this task, you should configure the following:
Create a static NAT rule. This rule translates the real IP address of the
–
DMZ web server to a single public IP address. In this scenario, the public
address of the web server is 209.165.200.226
Create a security access rule permitting traffic from the Internet if the
–
traffic is an HTTP request destined for the public IP address of the DMZ
web server.
To run ASDM in a web browser, enter the factory default IP address in the address
field: https://192.168.1.1/admin/.
Remember to add the "s" in "https" or the connection fails. HTTPS over
Note
SSL (HTTPS) provides a secure connection between your browser and
the adaptive security appliance.
The Main ASDM window appears.
Chapter 6 Scenario: DMZ Configuration
78-17612-01