Chapter 8 Scenario: DMZ Configuration
Configuring the Adaptive Security Appliance for a DMZ Deployment
8-10
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Information to Have Available
Before you begin this configuration procedure, gather the following information:
• Internal IP address of the server inside the DMZ that you want to make
available to clients on the public network (in this scenario, a web server).
• Public IP addresses to be used for servers inside the DMZ. (Clients on the
public network will use the public IP address to access the server inside the
DMZ.)
• Client IP address to substitute for internal IP addresses in outgoing traffic (in
this scenario the IP address of the outside interface). Outgoing client traffic
will appear to come from this address so that the internal IP address is not
exposed.
Enabling Inside Clients to Communicate with Devices on the
Internet
To permit internal clients to request content from devices on the Internet, the
adaptive security appliance translates the real IP addresses of internal clients to
the external address of the outside interface (that is, the public IP address of the
adaptive security appliance). Outgoing traffic appears to come from this address.
Enabling Inside Clients to Communicate with the DMZ Web
Server
In this procedure, you configure the adaptive security appliance to allow internal
clients to communicate securely with the web server in the DMZ. To accomplish
this, you must configure a translation rule.
Configure a NAT rule between the DMZ and inside interfaces that translates the
real IP address of the DMZ web server to its public IP address (10.30.30.30 to
209.165.200.225).
This is necessary because when an internal client sends a DNS lookup request, the
DNS server returns the public IP address of the DMZ web server.
To Next Page
Loading...
Need help?
General
