Chapter 6 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
6-6
Cisco ASA 5550 Getting Started Guide
78-17644-01
•
For the internal clients to have access to HTTP and HTTPS resources on the
Internet, you must create a rule that translates the real IP addresses of internal
clients to an external address that can be used as the source address.
To accomplish this task, you should configure a PAT translation rule (port
address translation rule, sometimes called an interface NAT) for the internal
interface that translates internal IP addresses to the external IP address of the
adaptive security appliance.
In this scenario, the internal address to be translated is that of a subnet of the
private network (10.10.10.0). Addresses from this subnet are translated to the
public address of the adaptive security appliance (209.165.200.225).
•
For external clients to have HTTP access to the DMZ web server, you must
configure an external identity for the DMZ web server and an access rule that
permits HTTP requests coming from clients on the Internet. To accomplish
this task, you should configure the following:
–
Create a static NAT rule. This rule translates the real IP address of the
DMZ web server to a single public IP address. In this scenario, the public
address of the web server is 209.165.200.226.
–
Create a security access rule permitting traffic from the Internet if the
traffic is an HTTP request destined for the public IP address of the DMZ
web server.
Starting ASDM
To run ASDM in a web browser, enter the factory-default IP address in the address
field:
https://192.168.1.1/admin/
.
Note
Remember to add the “
s
” in “
https
” or the connection fails. HTTPS
(HTTP over SSL) provides a secure connection between your browser and
the adaptive security appliance.
The Main ASDM window appears.