Chapter 6 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
Cisco ASA 5550 Getting Started Guide
78-17644-01
Figure 6-3 Incoming HTTP Traffic Flow From the Internet
To permit incoming traffic to access the DMZ web server, the adaptive security
appliance configuration includes the following:
• An address translation rule translating the public IP address of the DMZ web
server to the private IP address of the DMZ web server.
• An access control rule permitting incoming HTTP traffic that is destined for
the DMZ web server.
The procedures for creating this configuration are detailed in the remainder of this
chapter.
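
The following added example (not part of the Cisco guide, and not ASA code) models the two rules above as a simplified packet-flow check using the addresses from this scenario. The names `process_inbound`, `STATIC_NAT` and `ACCESS_RULES`, the rule layout, and the sample client address are assumptions; the access rule is assumed to match the public address as it appears on the wire.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Addresses from the scenario on this page.
PUBLIC_IP = ip_address("209.165.200.226")
PRIVATE_IP = ip_address("10.30.30.30")

# Static one-to-one translation: public address -> private address.
STATIC_NAT = {PUBLIC_IP: PRIVATE_IP}

# Rules for traffic arriving from the Internet; first match wins.
# Assumption: the rule is written against the public address.
ACCESS_RULES = [
    {"action": "permit", "proto": "tcp", "dst": PUBLIC_IP, "port": 80},
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    port: int


def process_inbound(pkt):
    """Return (verdict, delivered_dst) for a packet arriving from the Internet."""
    dst = ip_address(pkt.dst)
    # Only traffic addressed to a translated public address is handled.
    if dst not in STATIC_NAT:
        return ("drop: no translation", None)
    # Access control: first matching rule decides; no match is an implicit deny.
    for rule in ACCESS_RULES:
        if (rule["proto"], rule["dst"], rule["port"]) == (pkt.proto, dst, pkt.port):
            if rule["action"] == "permit":
                break
            return ("drop: denied by rule", None)
    else:
        return ("drop: implicit deny", None)
    # Rewrite the destination to the private address and deliver.
    return ("deliver", str(STATIC_NAT[dst]))


if __name__ == "__main__":
    # Constructed sample packets; the client address is a documentation range.
    for p in [Packet("198.51.100.7", "209.165.200.226", "tcp", 80),
              Packet("198.51.100.7", "209.165.200.226", "tcp", 22),
              Packet("198.51.100.7", "10.30.30.30", "tcp", 80)]:
        print(p, "->", process_inbound(p))
```

Only the HTTP request to the public address is delivered; the other two sample packets are dropped, which is the outcome to confirm after building the rules in ASDM.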
Configuring the Security Appliance for a DMZ Deployment
This section describes how to use ASDM to configure the adaptive security
appliance for the configuration scenario shown in
. The procedure uses
sample parameters based on the scenario.
Figure 6-3 labels: Internet, HTTP client, Security Appliance, DMZ Web Server.
DMZ Web Server private IP address: 10.30.30.30
DMZ Web Server public IP address: 209.165.200.226
1 HTTP request sent to public address of DMZ web server.
2 Incoming request destined for public address of DMZ web server intercepted.
3 Destination IP address translated to the private IP address of the web server.
4 Web server receives request for content.