Cisco ASA 5510 Quick Start Manual page 20

Step 4: Provide HTTP Access to the DMZ Web Server.
By default, the adaptive security appliance denies all traffic coming in from the public network. You
must create access control rules on the adaptive security appliance to allow specific traffic types from
the public network through the adaptive security appliance to resources in the DMZ.
To configure an access control rule that allows HTTP traffic through the adaptive security appliance
so that any client on the Internet can access a web server inside the DMZ, perform the following steps:
In the ASDM window:
1.
Click Configuration.
a.
Choose Security Policy on the left side of the ASDM screen.
b.
In the table, click Add.
c.
In the Add Access Rule dialog box:
2.
Under Action, choose permit from the drop-down menu to allow traffic through the adaptive
a.
security appliance.
Under Source Host/Network, click IP Address.
b.
Choose outside from the Interface drop-down menu.
c.
Enter the IP address of the Source Host/Network information. (Use 0.0.0.0 to allow traffic
d.
originating from any host or network.)
Under Destination Host/Network, click IP Address.
e.
Choose the dmz interface from the Interface drop-down menu.
f.
In the IP address field, enter the IP address of the destination host or network, such as a web
g.
server. (In this scenario, the IP address of the web server is 10.30.30.30.)
Choose 255.255.255.224 from the Mask drop-down menu.
h.
Alternatively, you can select the Hosts/Networks in both cases by clicking the
Note
respective Browse buttons.
20