5-23
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Firewall Mode Examples
If the destination MAC address is not in the adaptive security appliance table, the adaptive security
appliance attempts to discover the MAC address by sending an ARP request and a ping. The first
packet is dropped.
6. The web server responds to the request; because the session is already established, the packet
bypasses the many lookups associated with a new connection.
7. The adaptive security appliance performs NAT by translating the mapped address to the real address,
10.1.2.27.
An Outside User Visits a Web Server on the Inside Network
Figure 5-10 shows an outside user accessing the inside web server.
Figure 5-10 Outside to Inside
The following steps describe how data moves through the adaptive security appliance (see Figure 5-10):
1. A user on the outside network requests a web page from the inside web server.
2. The adaptive security appliance receives the packet and adds the source MAC address to the MAC
address table, if required. Because it is a new session, it verifies that the packet is allowed according
to the terms of the security policy (access lists, filters, AAA).
For multiple context mode, the adaptive security appliance first classifies the packet according to a
unique interface.
Host
209.165.201.2
209.165.201.1
209.165.200.230
Web Server
209.165.200.225
Management IP
209.165.201.6
Internet
92409
To Next Page
Loading...
Need help?
General
