Table of Contents
Advertisement
Configuring the Security Appliance for a DMZ Deployment
Configuring an External Identity for the DMZ Web Server
Step 1
Step 2
Step 3
Step 4
PIX 515E Security Appliance Getting Started Guide
2-16
For many configurations, you would also need to create a NAT rule between the
inside interface and the outside interface to enable inside clients to communicate
with the Internet.
However, in this scenario you do not need to create this rule explicitly. The reason
is that the IP pool (pool ID 200) contains both types of addresses needed for
address translation: the range of IP addresses to be used by the DMZ interface,
and the IP address to be used for the outside interface. This enables ASDM to
create the second translation rule for you.
The DMZ web server needs to be accessible by all hosts on the Internet. This
configuration requires translating the private IP address of the DMZ web server
to a public IP address, enabling access to outside HTTP clients that are unaware
of the security appliance. To map the real web server IP address (10.30.30.30)
statically to a public IP address (209.165.200.226), perform the following steps:
In the ASDM window, click the Configuration tool.
In the Features pane, click NAT.
From the Add drop-down list, choose Add Static NAT Rule. The Add Static NAT
Rule dialog box appears.
In the Real Address area, specify the real IP address of the web server:
From the Interface drop-down list, choose the DMZ interface.
a.
Enter the real IP address of the DMZ web server. In this scenario, the IP
b.
address is 10.30.30.30.
From the Netmask drop-down list, choose the Netmask 255.255.255.255.
c.
Chapter 2
Scenario: DMZ Configuration
78-17645-01
- Quick Links:
- Starting Asdm
Hide quick links:
Advertisement
Table of Contents
