Cisco 5510 Getting Started Guide - Page 93
Translating Internal Client IP Addresses Between the Inside and DMZ Interfaces, Configuration - firewall
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 93 highlights
Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Note Because there is not a DNS server on the inside network, DNS requests must exit the adaptive security appliance to be resolved by a DNS server on the Internet. This section includes the following topics: • Translating Internal Client IP Addresses Between the Inside and DMZ Interfaces, page 8-11 • Translating the Public Address of the Web Server to its Real Address on the Inside Interface, page 8-14 Translating Internal Client IP Addresses Between the Inside and DMZ Interfaces To configure NAT to translate internal client IP addresses between the inside interface and the DMZ interface, perform the following steps: Step 1 Step 2 In the Configuration > Firewall > NAT Rules pane, click the green + (plus) icon and choose and choose Add "Network Object" NAT Rule. The Add Network Object dialog box appears. Fill in the following values: • In the Name field, enter the object name. Use characters a to z, A to Z, 0 to 9, a period, a dash, a comma, or an underscore. The name must be 64 characters or less. • From the Type drop-down list, choose Network. • In the IP Address field, enter the real IP address of the client or network. In this scenario, the IP address of the network is 192.168.1.0. • In the Netmask field, enter the subnet mask if the IP address is an IPv4 address, or enter the prefix if the IP address is an IPv6 address. • (Optional) In the Description field, enter a description of the network object (up to 200 characters in length). Note If the NAT section is hidden, click NAT to expand the section. Step 3 Check the Add Automatic Translation Rules check box. 78-19186-01 Cisco ASA 5500 Series Getting Started Guide 8-11