1-17
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Transparent or Routed Firewall
Firewall Mode Examples
An Inside User Visits a Web Server on the DMZ
Figure 1-5 shows an inside user accessing the DMZ web server.
Figure 1-5 Inside to DMZ
The following steps describe how data moves through the ASA (see Figure 1-5):
1. A user on the inside network requests a web page from the DMZ web server using the destination
address of 10.1.1.3.
2. The ASA receives the packet and because it is a new session, the ASA verifies that the packet is
allowed according to the terms of the security policy (access lists, filters, AAA).
For multiple context mode, the ASA first classifies the packet to a context.
3. The ASA then records that a session is established and forwards the packet out of the DMZ interface.
4. When the DMZ web server responds to the request, the packet goes through the fast path, which lets
the packet bypass the many lookups associated with a new connection.
5. The ASA forwards the packet to the inside user.
An Outside User Attempts to Access an Inside Host
Figure 1-6 shows an outside user attempting to access the inside network.
Web Server
10.1.1.3
User
10.1.2.27
209.165.201.2
10.1.1.110.1.2.1
Inside DMZ
Outside
92403
To Next Page
Loading...
Need help?
General