Chapter 2 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
PIX 515E Security Appliance Getting Started Guide
78-17645-01
Figure 2-3 Incoming HTTP Traffic Flow From the Internet
To permit incoming traffic to access the DMZ web server, the security appliance
configuration includes the following:
• An address translation rule translating the public IP address of the DMZ web
server to the private IP address of the DMZ web server.
• An access control rule permitting incoming HTTP traffic that is destined for
the DMZ web server.
The procedures for creating this configuration are detailed in the remainder of this
chapter.
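The two rules listed above can be modelled in a few lines to show why both are needed for the request to reach the web server. This is an added example, not part of the Cisco guide or the appliance's own logic; the client address 198.51.100.7, the function names, and the assumption that the access rule is matched against the public address before translation are illustrative.

```python
import ipaddress
from dataclasses import dataclass

# Addresses taken from the scenario on this page.
PUBLIC_IP = ipaddress.ip_address("209.165.200.226")
PRIVATE_IP = ipaddress.ip_address("10.30.30.30")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

# Rule 1: address translation, public address -> private address.
STATIC_NAT = {PUBLIC_IP: PRIVATE_IP}

# Rule 2: access rule for incoming HTTP; anything unmatched is denied.
# Assumption: the rule is matched against the public (pre-translation) address.
ACCESS_RULES = [("permit", "tcp", PUBLIC_IP, 80)]

def acl_permits(pkt, rules):
    """First matching rule decides; no match means implicit deny."""
    dst = ipaddress.ip_address(pkt.dst)
    for action, proto, rule_dst, port in rules:
        if (proto, rule_dst, port) == (pkt.proto, dst, pkt.dport):
            return action == "permit"
    return False

def process_inbound(pkt, nat=STATIC_NAT, rules=ACCESS_RULES):
    """Return (verdict, forwarded packet or None) for a packet from the Internet."""
    if not acl_permits(pkt, rules):
        return "denied-by-access-rule", None
    real = nat.get(ipaddress.ip_address(pkt.dst))
    if real is None:
        return "no-translation", None
    # Only the destination address is rewritten; source and port are unchanged.
    return "forwarded", Packet(pkt.src, str(real), pkt.proto, pkt.dport)

if __name__ == "__main__":
    # Constructed sample packets (client address is from a documentation range).
    samples = [
        Packet("198.51.100.7", "209.165.200.226", "tcp", 80),
        Packet("198.51.100.7", "209.165.200.226", "tcp", 22),
        Packet("198.51.100.7", "10.30.30.30", "tcp", 80),
    ]
    for p in samples:
        print(p, "->", process_inbound(p))
```

Removing either rule from the model (an empty `nat` or an empty `rules`) stops the HTTP request from being forwarded, which is the check to make when a published DMZ server is unreachable.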
Configuring the Security Appliance for a DMZ Deployment
This section describes how to use ASDM to configure the security appliance for
the configuration scenario shown in Figure 2-1. The procedure uses sample
parameters based on the scenario.
[Figure 2-3 callouts: HTTP clients on the Internet, the security appliance, and the DMZ web server (private IP address: 10.30.30.30, public IP address: 209.165.200.226).]
1. HTTP request sent to public address of DMZ web server.
2. Incoming request destined for public address of DMZ web server intercepted.
3. Destination IP address translated to the private IP address of the web server.
4. Web server receives request for content.