Cisco ASA 5505 Getting Started Manual page 53

Adaptive security appliance

Chapter 6
Scenario: DMZ Configuration
Figure 6-2: Outgoing HTTP Traffic Flow from the Private Network

[Figure: HTTP client 192.168.1.2 (private address) behind the security appliance inside interface 192.168.1.1; DMZ interface 10.30.30.1 (private address) on the DMZ network with the DMZ web server (private IP address 10.30.30.30, public IP address 209.165.200.226); outside interface 209.165.200.225 (public address) toward the Internet and the DNS server. Callouts: "Before an HTTP request can be sent to the DMZ web server, the URL must be resolved to an IP address." "Client sends HTTP request to ASA which forwards it to the DMZ web server."]

Document number: 78-17612-02

In Figure 6-2, the adaptive security appliance permits HTTP traffic originating from inside clients and destined for the DMZ web server. Because the internal network does not include a DNS server, internal client requests for the DMZ web server are handled as follows:

1. A lookup request is sent to the DNS server of the ISP. The public IP address of the DMZ web server is returned to the client.
2. The internal client sends the HTTP request to the adaptive security appliance.
3. The adaptive security appliance translates the public IP address of the DMZ web server to its real address and forwards the request to the web server.
4. The DMZ web server returns the HTTP content to the adaptive security appliance with a destination address of the real IP address of the internal client.
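
The address rewriting in steps 2 to 4 can be traced with a small model. This is an added example, not code from the Cisco guide and not ASA configuration; the /24 inside mask, the client source port, the drop policy and all class and function names are assumptions. The source rewrite on the reply is standard static NAT behaviour rather than one of the listed steps.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Addresses from Figure 6-2. The /24 inside mask and the client port are assumptions.
INSIDE_NET = ip_network("192.168.1.0/24")
WEB_PUBLIC = "209.165.200.226"   # address the ISP DNS server returns (step 1)
WEB_REAL = "10.30.30.30"         # real address on the DMZ network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Appliance:
    """Toy model of the translation and state tracking, not ASA code."""

    def __init__(self):
        self.conns = {}  # (server, sport, client, cport) -> public address used

    def from_inside(self, pkt):
        """Steps 2-3: accept HTTP to the public address, rewrite dst to the real one."""
        allowed = (ip_address(pkt.src) in INSIDE_NET
                   and pkt.dst == WEB_PUBLIC and pkt.dport == 80)
        if not allowed:
            return None  # dropped: not inside-to-web-server HTTP (assumed policy)
        out = replace(pkt, dst=WEB_REAL)
        self.conns[(out.dst, out.dport, out.src, out.sport)] = pkt.dst
        return out

    def from_dmz(self, pkt):
        """Step 4 onward: forward only replies to tracked connections,
        restoring the public source address the client originally contacted."""
        public = self.conns.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if public is None:
            return None  # dropped: DMZ host initiating toward the inside (assumed policy)
        return replace(pkt, src=public)

if __name__ == "__main__":
    fw = Appliance()
    request = Packet("192.168.1.2", 40000, WEB_PUBLIC, 80)   # constructed sample
    print("client -> ASA :", request)
    print("ASA -> server :", fw.from_inside(request))
    reply = Packet(WEB_REAL, 80, "192.168.1.2", 40000)
    print("server -> ASA :", reply)
    print("ASA -> client :", fw.from_dmz(reply))
```

The client only accepts the reply because its source is restored to 209.165.200.226, the address it opened the connection to; a reply arriving from 10.30.30.30 would not match the client's socket.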
Cisco ASA 5505 Getting Started Guide
Example DMZ Network Topology