Cisco 5510 Getting Started Guide - Page 91
Configuration Requirements - asa & static outside in
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment • Enabling Inside Clients to Communicate with Devices on the Internet, page 8-10 • Enabling Inside Clients to Communicate with the DMZ Web Server, page 8-10 • Configuring Static PAT for Public Access to the DMZ Web Server (Port Forwarding), page 8-17 • Providing Public HTTP Access to the DMZ Web Server, page 8-20 The remainder of this chapter provides instructions for how to implement this configuration. Configuration Requirements This DMZ deployment of the adaptive security appliance requires configuration rules as follows. So That... Create These Rules... Internal clients can request information from web servers on the Internet The adaptive security appliance comes with a default configuration that permits inside clients access to devices on the Internet. No additional configuration is required. Internal clients can • A NAT rule between the DMZ and inside interfaces that translates the request information from real IP address of the DMZ web server to its public IP address the DMZ web server (10.30.30.30 to 209.165.200.225). • A NAT rule between the inside and DMZ interfaces that translates the real addresses of the internal client network. In this scenario, the real IP address of the internal network is "translated" to itself, that is, the real IP address of the internal network is used when internal clients communicate with the DMZ web server (10.30.30.30). External clients can • An address translation rule between the outside and DMZ interfaces request information from that translates the public IP address of the DMZ web server to its private the DMZ web server IP address (209.165.200.225 to 10.30.30.30). • An access control rule permitting incoming HTTP traffic that is destined for the DMZ web server. 78-19186-01 Cisco ASA 5500 Series Getting Started Guide 8-9