Chapter 6 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
6-10
ASA 5505 Getting Started Guide
78-18003-02
2. The internal client requests a web page from the public IP address of the DMZ
web server. The adaptive security appliance receives the request on its inside
interface.
3. The adaptive security appliance translates the public IP address of the DMZ
web server to its real address (209.165.200.225 -> 10.30.30.30) and forwards
the request out of its DMZ interface to the web server.
4. When the DMZ web server responds to the request, the adaptive security
appliance receives the data on its DMZ interface and forwards the data out of
its inside interface to the user.
The procedures for creating this configuration are detailed in the remainder of this
chapter.
Configuring the Security Appliance for a DMZ
Deployment
This section describes how to use ASDM to configure the adaptive security
appliance for the configuration scenario shown in Figure 6-2. The procedure uses
sample parameters based on the scenario.
This configuration procedure assumes that the adaptive security appliance already
has interfaces configured for the inside interface, the outside interface, and the
DMZ interface. Set up interfaces on the adaptive security appliance by using the
Startup Wizard in ASDM. Be sure that the DMZ interface security level is set
between 0 and 100. (A common choice is 50.)
For more information about using the Startup Wizard, see Chapter 5,
“Configuring the Adaptive Security Appliance.”
The section includes the following topics:
• Configuration Requirements, page 6-11
• Information to Have Available, page 6-11
• Starting ASDM, page 6-12
• Enabling Inside Clients to Communicate with Devices on the Internet,
page 6-14
• Enabling Inside Clients to Communicate with the DMZ Web Server,
page 6-15
To Next Page
Loading...
