5-19
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Firewall Mode Examples
If the outside user is attempting to attack the inside network, the adaptive security appliance
employs many technologies to determine if a packet is valid for an already established session.
A DMZ User Attempts to Access an Inside Host
Figure 5-6 shows a user in the DMZ attempting to access the inside network.
Figure 5-6 DMZ to Inside
The following steps describe how data moves through the adaptive security appliance (see Figure 5-6):
1. A user on the DMZ network attempts to reach an inside host. Because the DMZ does not have to
route the traffic on the Internet, the private addressing scheme does not prevent routing.
2. The adaptive security appliance receives the packet and because it is a new session, the adaptive
security appliance verifies if the packet is allowed according to the security policy (access lists,
filters, AAA).
The packet is denied, and the adaptive security appliance drops the packet and logs the connection
attempt.
Web Server
10.1.1.3
User
10.1.2.27
209.165.201.2
10.1.1.110.1.2.1
Outside
Inside DMZ
92402
To Next Page
Loading...
Need help?
General
