Common Configuration Scenarios - Cisco PIX-515-RPS - PIX 515-R - Firewall Quick Start Manual

Security appliance

4 Common Configuration Scenarios

This section provides configuration examples for two common security appliance configuration
scenarios:

• Hosting a web server on a DMZ network
• Establishing a site-to-site VPN connection with other business partners or remote offices

Use these scenarios as a guide when you set up your network. Substitute your own network addresses
and apply additional policies as needed.

Scenario 1: DMZ Configuration

A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private
(inside) network and a public (outside) network. This scenario is a sample network topology that is
common to most DMZ implementations that use the security appliance. The web server is on the DMZ
interface, and HTTP clients from both the inside and outside networks are able to access the web
server securely.

In Figure 2, an HTTP client (10.10.10.10) on the inside network initiates HTTP communications
with the DMZ web server (30.30.30.30). HTTP access to the DMZ web server is provided for all
clients on the Internet; all other communications are denied. The network is configured to use an IP
pool of addresses between 30.30.30.50 and 30.30.30.60. (The IP pool is the range of IP addresses
available to the DMZ interface.)
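
Figure 2: Network Layout for DMZ Configuration Scenario

[Figure: a PIX 515E connecting three networks. Inside: network 10.10.10.0 with an HTTP client (10.10.10.10). Outside: 209.165.156.10, facing the Internet, where further HTTP clients are located. DMZ: network 30.30.30.0 with the web server (30.30.30.30).]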
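
The access policy stated for this scenario (HTTP to the DMZ web server permitted, all other communications denied) can be checked offline before and after each rule change. The Python below is an added example, not part of the Cisco manual: it models a first-match rule list with an implicit deny and flags rules broader than the stated policy. The /24 mask, the `Rule` class, the helper names, the "drifted" rule set and the Internet client 198.51.100.7 are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addresses come from the scenario text; the /24 mask is an assumption.
DMZ = ipaddress.ip_network("30.30.30.0/24")
WEB = ipaddress.ip_network("30.30.30.30/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                  # "tcp", "udp" or "ip" (any protocol)
    port: Optional[int] = None  # None matches any port

def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst and r.proto in ("ip", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"

def excess_permits(rules):
    """Permit rules broader than 'TCP/80 to the web server only'."""
    return [r for r in rules if r.action == "permit" and not
            (r.dst == WEB and r.proto == "tcp" and r.port == 80)]

# Intended policy from the scenario, and a constructed "drifted" variant
# in which someone later opened the whole DMZ subnet.
INTENDED = [Rule("permit", ANY, WEB, "tcp", 80)]
DRIFTED = INTENDED + [Rule("permit", ANY, DMZ, "ip")]

# Constructed test flows: (src, dst, proto, port, expected action).
FLOWS = [
    ("10.10.10.10", "30.30.30.30", "tcp", 80, "permit"),   # inside client
    ("198.51.100.7", "30.30.30.30", "tcp", 80, "permit"),  # Internet client
    ("198.51.100.7", "30.30.30.30", "tcp", 22, "deny"),    # non-HTTP service
    ("198.51.100.7", "10.10.10.10", "tcp", 80, "deny"),    # outside to inside
]

def failures(rules):
    """Flows whose evaluated action differs from the expected one."""
    return [f for f in FLOWS if evaluate(rules, *f[:4]) != f[4]]

if __name__ == "__main__":
    print(failures(INTENDED), failures(DRIFTED), excess_permits(DRIFTED))
```

An empty `failures()` list means the rule set matches the scenario's stated policy for the sampled flows; any entry in `excess_permits()` is a rule to review against the policy.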

This manual is also suitable for:

Pix 515e