Common Configuration Scenarios - Cisco ASA 5510 Quick Start Manual

After ASDM starts, choose the Startup Wizard from the Wizards menu at the top of the
Step 7
window.
Follow the instructions in the Startup Wizard to set up your adaptive security appliance.
Step 8
For information about any field in the Startup Wizard, click Help at the bottom of the
window.
4

Common Configuration Scenarios

This section provides configuration examples for three common deployments of the adaptive security
appliance:
Hosting a web server on a DMZ network
•
Establishing remote-access VPN connections so that off-site clients can establish secure
•
communications with the internal network
Establishing a site-to-site VPN connection with other business partners or remote offices
•
Use these scenarios as a guide when you set up your network. Substitute your own network addresses
and apply additional policies as needed.
Scenario 1: DMZ Configuration
A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private
(inside) network and a public (outside) network. This example network topology is similar to most
DMZ implementations of the adaptive security appliance. The web server is on the DMZ interface,
and HTTP clients from both the inside and outside networks can access the web server securely.
In Figure 4, an HTTP client (10.10.10.10) on the inside network initiates HTTP communications with
the DMZ web server (10.30.30.30). HTTP access to the DMZ web server is provided for all clients on
the Internet; all other communications are denied. The network is configured to use an IP pool of
addresses between 10.30.30.50 and 10.30.30.60. (The IP pool is the range of IP addresses available to
the DMZ interface.)
11