Chapter 8
Scenario: DMZ Configuration
78-19186-01
Note
Because there is not a DNS server on the inside network, DNS requests must exit
the adaptive security appliance to be resolved by a DNS server on the Internet.
This section includes the following topics:
• Translating Internal Client IP Addresses Between the Inside and DMZ
  Interfaces
• Translating the Public Address of the Web Server to its Real Address on the
  Inside Interface
Translating Internal Client IP Addresses Between the Inside and DMZ Interfaces
To configure NAT to translate internal client IP addresses between the inside
interface and the DMZ interface, perform the following steps:
Step 1
In the Configuration > Firewall > NAT Rules pane, click the green + (plus) icon
and choose Add "Network Object" NAT Rule.
The Add Network Object dialog box appears.
Step 2
Fill in the following values:
• In the Name field, enter the object name. Use characters a to z, A to Z, 0 to
  9, a period, a dash, a comma, or an underscore. The name must be 64
  characters or less.
• From the Type drop-down list, choose Network.
• In the IP Address field, enter the real IP address of the client or network. In
  this scenario, the IP address of the network is 192.168.1.0.
• In the Netmask field, enter the subnet mask if the IP address is an IPv4
  address, or enter the prefix if the IP address is an IPv6 address.
• (Optional) In the Description field, enter a description of the network object
  (up to 200 characters in length).
Note
If the NAT section is hidden, click NAT to expand the section.
Step 3
Check the Add Automatic Translation Rules check box.
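A pre-entry check for the Step 2 field values, as an added example that is not part of the Cisco guide: it applies the name and description limits stated above and confirms that the address and mask together describe exactly one network, so the NAT rule does not cover more hosts than intended. The function name, the object name inside-clients and the mask 255.255.255.0 are assumptions; the guide gives only the network address 192.168.1.0.

```python
import ipaddress
import re

# Limits taken from the Add Network Object dialog described in Step 2.
NAME_RE = re.compile(r"[A-Za-z0-9.,_-]{1,64}")
MAX_DESCRIPTION = 200


def check_network_object(name, address, mask_or_prefix, description=""):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: use a-z, A-Z, 0-9, '.', '-', ',', '_' (1 to 64 characters)")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description: longer than 200 characters")
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        problems.append("address: not a valid IPv4 or IPv6 address")
        return problems
    mask = str(mask_or_prefix)
    if ip.version == 4 and "." not in mask:
        problems.append("netmask: an IPv4 object takes a dotted subnet mask")
    elif ip.version == 6 and not mask.isdigit():
        problems.append("prefix: an IPv6 object takes a prefix length")
    else:
        try:
            # strict=True rejects an address with host bits set, i.e. an
            # address/mask pair that does not name a single network.
            net = ipaddress.ip_network(f"{address}/{mask}", strict=True)
            # ipaddress also accepts wildcard (host) masks; require a subnet mask.
            if ip.version == 4 and str(net.netmask) != mask:
                problems.append("netmask: wildcard mask given, subnet mask expected")
        except ValueError as exc:
            problems.append(f"network: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; only 192.168.1.0 comes from the guide.
    samples = [
        ("inside-clients", "192.168.1.0", "255.255.255.0"),
        ("inside clients", "192.168.1.0", "255.255.255.0"),  # space in name
        ("inside-clients", "192.168.1.0", "255.255.0.0"),    # mask too wide
    ]
    for sample in samples:
        print(sample, "->", check_network_object(*sample) or "ok")
```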
Configuring the Adaptive Security Appliance for a DMZ Deployment
Cisco ASA 5500 Series Getting Started Guide