PIX 515E Security Appliance Getting Started Guide
78-17645-01
Chapter 2 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
This configuration procedure assumes that the security appliance already has
interfaces configured for the inside interface, the DMZ interface, and the outside
interface. Set up interfaces of the security appliance by using the Startup Wizard
in ASDM. Be sure that the DMZ interface security level is set between 0 and 100.
(A common choice is 50.)
For more information about using the Startup Wizard, see Setting Up the Security
Appliance, page 1-5.
This section includes the following topics:
• Configuration Requirements, page 2-5
• Starting ASDM, page 2-6
• Creating IP Pools for Network Address Translation, page 2-7
• Configuring NAT for Inside Clients to Communicate with the DMZ Web
Server, page 2-12
• Configuring an External Identity for the DMZ Web Server, page 2-16
• Providing Public HTTP Access to the DMZ Web Server, page 2-18
The following sections provide detailed instructions for how to perform each step.
Configuration Requirements
Configuring the security appliance for this DMZ deployment requires the
following configuration tasks:
• For the internal clients to have HTTP access to the DMZ web server, you
must create a pool of IP addresses for address translation and identify which
clients should use addresses from the pool. To accomplish this task, you
should configure the following:
– A pool of IP addresses for the DMZ interface. In this scenario, the IP pool
is 10.30.30.50–10.30.30.60.
– A dynamic NAT translation rule for the inside interface that specifies
which client IP addresses can be assigned an address from the IP pool.
• For the internal clients to have access to HTTP and HTTPS resources on the
Internet, you must create a rule that translates the real IP addresses of internal
clients to an external address that can be used as the source address.
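The DMZ security level rule and the first requirement above (a DMZ address pool paired with an inside dynamic NAT rule) can be checked against a saved configuration. The Python script below is an added example, not part of the original guide. It assumes PIX 7.x CLI syntax (nameif, security-level, global, nat); the function name audit_dmz, the interface numbering, the DMZ interface address, and the inside network 192.0.2.0 are illustrative placeholders.

```python
import ipaddress

# Constructed sample in PIX 7.x CLI syntax. Only the pool range and level 50
# come from the guide; interface numbering and other addresses are placeholders.
SAMPLE_CONFIG = """\
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 10.30.30.1 255.255.255.0
global (dmz) 1 10.30.30.50-10.30.30.60
nat (inside) 1 192.0.2.0 255.255.255.0
"""

def audit_dmz(config, dmz="dmz", inside="inside"):
    """Return a list of findings; an empty list means every check passed."""
    levels, subnets, pools, nat_ids, name = {}, {}, {}, set(), None
    for tok in (line.split() for line in config.splitlines()):
        if len(tok) < 2:
            continue
        if tok[0] == "interface":
            name = None                      # new interface block, name not yet known
        elif tok[0] == "nameif":
            name = tok[1]
        elif tok[0] == "security-level" and name:
            levels[name] = int(tok[1])
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            subnets[name] = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
        elif tok[:2] == ["global", f"({dmz})"] and len(tok) >= 4:
            pools[tok[2]] = tok[3]
        elif tok[:2] == ["nat", f"({inside})"] and len(tok) >= 3 and tok[2] != "0":
            nat_ids.add(tok[2])              # id 0 bypasses translation, uses no pool
    findings = []
    if not 0 < levels.get(dmz, -1) < 100:
        findings.append("DMZ security level is not between 0 and 100")
    if not nat_ids:
        findings.append("no dynamic NAT rule on the inside interface")
    for nat_id in sorted(nat_ids - set(pools)):
        findings.append(f"nat id {nat_id} has no address pool on the DMZ interface")
    for rng in pools.values():
        if rng == "interface":               # PAT to the interface address, no range
            continue
        first, _, last = rng.partition("-")
        ends = [ipaddress.ip_address(a) for a in (first, last or first)]
        if dmz not in subnets or any(a not in subnets[dmz] for a in ends):
            findings.append(f"pool {rng} is outside the DMZ interface subnet")
    return findings
```

Calling audit_dmz on the text of a saved configuration returns an empty list when the DMZ level, the pool, and the inside NAT rule are consistent with each other.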