Specifications
Chapter 2 Scenario: DMZ Configuration
Configuring the Security Appliance for a DMZ Deployment
2-6
PIX 515E Security Appliance Getting Started Guide
78-17645-01
To accomplish this task, you should configure a PAT translation rule (port
address translation rule, sometimes called an interface NAT) for the internal
interface that translates internal IP addresses to the external IP address of the
security appliance.
In this scenario, the internal address to be translated is that of a subnet of the
private network (10.10.10.0). Addresses from this subnet are translated to the
public address of the security appliance (209.165.200.225).
• For external clients to have HTTP access to the DMZ web server, you must
configure an external identity for the DMZ web server and an access rule that
permits HTTP requests coming from clients on the Internet. To accomplish
this task, you should configure the following:
–
Create a static NAT rule. This rule translates the real IP address of the
DMZ web server to a single public IP address. In this scenario, the public
address of the web server is 209.165.200.226.
–
Create a security access rule permitting traffic from the Internet if the
traffic is an HTTP request destined for the public IP address of the DMZ
web server.
Starting ASDM
To run ASDM in a web browser, enter the factory-default IP address in the
address field: https://192.168.1.1/admin/.
Note Remember to add the “s” in “https” or the connection fails. HTTPS
(HTTP over SSL) provides a secure connection between your browser
and the security appliance.
The Main ASDM window appears.