Chapter 8 Scenario: DMZ Configuration
Example DMZ Network Topology
8-4
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
When an inside user requests an HTTP page from a web server on the Internet,
data moves through the adaptive security appliance as follows:
1. The user on the inside network requests a web page from www.example.com.
2. The adaptive security appliance receives the packet and, because it is a new
session, verifies that the packet is allowed.
3. The adaptive security appliance performs Network Address Translation
(NAT) to translate the local source address (192.168.1.2) to the public address
of the outside interface (209.165.200.225).
4. The adaptive security appliance records that a session is established and
forwards the packet from the outside interface.
5. When www.example.com responds to the request, the packet goes through the
adaptive security appliance using the established session.
6. The adaptive security appliance uses NAT to translate the public destination
(209.165.200.225) address to the local user address, 192.168.1.2.
7. The adaptive security appliance forwards the packet to the inside user.
An Internet User Visits the DMZ Web Server
Figure 8-3 shows the traffic flow through the adaptive security appliance when a
user on the Internet requests a web page from the DMZ web server.
To Next Page
Loading...
