Cisco 5510 Getting Started Guide - Page 99
Configuring Static PAT for Public Access to the DMZ Web Server (Port Forwarding - asa firewall
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 99 highlights
Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Step 9 Click Apply to complete the adaptive security appliance configuration changes. Configuring Static PAT for Public Access to the DMZ Web Server (Port Forwarding) The DMZ web server needs to be accessible by all hosts on the Internet. This configuration requires translating the private IP address of the DMZ web server to a public IP address, which allows outside HTTP clients to access the web server without being aware of the adaptive security appliance. In this scenario the DMZ web server shares a public IP address with the outside interface of the adaptive security appliance (209.165.200.225). To map the real web server IP address (10.30.30.30) statically to a public IP address (209.165.200.225), perform the following steps: Step 1 Step 2 In the Configuration > Firewall > NAT Rules pane, click the green + (plus) icon and choose and choose Add "Network Object" NAT Rule. The Add Network Object dialog box appears. Fill in the following values: • In the Name field, enter the object name. Use characters a to z, A to Z, 0 to 9, a period, a dash, a comma, or an underscore. The name must be 64 characters or less. • From the Type drop-down list, choose Host. • In the IP Address field, enter the real IP address of the DMZ web server. In this scenario, the IP address is 10.30.30.30. • (Optional) In the Description field, enter a description of the network object (up to 200 characters in length). Note If the NAT section is hidden, click NAT to expand the section. Step 3 Check the Add Automatic Translation Rules check box. Step 4 From the Type drop-down list, choose Static. 78-19186-01 Cisco ASA 5500 Series Getting Started Guide 8-17