hit counter script

An Inside User Visits A Web Server - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line
Hide thumbs Also See for FirePOWER ASA 5500 series:
Table of Contents

Advertisement

Chapter 15
Firewall Mode Overview

An Inside User Visits a Web Server

Figure 15-2
Figure 15-2
Source Addr Translation
10.1.2.27
The following steps describe how data moves through the security appliance (see
1.
2.
3.
OL-10088-01
An Outside User Attempts to Access an Inside Host, page 15-6
A DMZ User Attempts to Access an Inside Host, page 15-7
shows an inside user accessing an outside web server.
Inside to Outside
209.165.201.10
Inside
User
10.1.2.27
The user on the inside network requests a web page from www.example.com.
The security appliance receives the packet and because it is a new session, the security appliance
verifies that the packet is allowed according to the terms of the security policy (access lists, filters,
AAA).
For multiple context mode, the security appliance first classifies the packet according to either a
unique interface or a unique destination address associated with a context; the destination address
is associated by matching an address translation in a context. In this case, the interface would be
unique; the www.example.com IP address does not have a current address translation in a context.
The security appliance translates the local source address (10.1.2.27) to the global address
209.165.201.10, which is on the outside interface subnet.
The global address could be on any subnet, but routing is simplified when it is on the outside
interface subnet.
www.example.com
Outside
209.165.201.2
10.1.2.1
10.1.1.1
DMZ
Web Server
10.1.1.3
Cisco Security Appliance Command Line Configuration Guide
Routed Mode Overview
Figure
15-2):
15-3

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Pix 500 seriesCisco asa 5500 series

Table of Contents