5-22
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Firewall Mode Examples
An Inside User Visits a Web Server Using NAT
Figure 5-8 shows an inside user accessing an outside web server.
Figure 5-9 Inside to Outside with NAT
The following steps describe how data moves through the adaptive security appliance (see Figure 5-8):
1. The user on the inside network requests a web page from www.example.com.
2. The adaptive security appliance receives the packet and adds the source MAC address to the MAC
address table, if required. Because it is a new session, it verifies that the packet is allowed according
to the terms of the security policy (access lists, filters, AAA).
For multiple context mode, the adaptive security appliance first classifies the packet according to a
unique interface.
3. The adaptive security appliance translates the real address (10.1.2.27) to the mapped address
209.165.201.10.
Because the mapped address is not on the same network as the outside interface, then be sure the
upstream router has a static route to the mapped network that points to the adaptive security
appliance.
4. The adaptive security appliance then records that a session is established and forwards the packet
from the outside interface.
5. If the destination MAC address is in its table, the adaptive security appliance forwards the packet
out of the outside interface. The destination MAC address is that of the upstream router, 10.1.2.1.
Management IP
10.1.2.2
www.example.com
10.1.2.1
Host
10.1.2.27
Internet
Source Addr Translation
209.165.201.1010.1.2.27
Static route on router
to 209.165.201.0/27
through security appliance
191243
Security
appliance
To Next Page
Loading...
Need help?
General
