An inside user visits a web server – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 4 Configuring the Transparent or Routed Firewall

Firewall Mode Examples

An Inside User Visits a Web Server

Figure 4-3 shows an inside user accessing an outside web server.

Figure 4-3 Inside to Outside

The following steps describe how data moves through the ASA (see Figure 4-3):

1. The user on the inside network requests a web page from www.example.com.

2. The ASA receives the packet and because it is a new session, the ASA verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA).

   For multiple context mode, the ASA first classifies the packet according to either a unique interface or a unique destination address associated with a context; the destination address is associated by matching an address translation in a context. In this case, the interface would be unique; the www.example.com IP address does not have a current address translation in a context.

3. The ASA translates the local source address (10.1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet.

   The global address could be on any subnet, but routing is simplified when it is on the outside interface subnet.

4. The ASA then records that a session is established and forwards the packet from the outside interface.
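The order of operations in steps 2 through 4, as an added Python model that is not part of the Cisco guide and does not represent ASA internals. The /24 inside mask, the port-80 permit rule, the server address 198.51.100.80 standing in for www.example.com, and the unchanged source port are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed values (not from the guide): inside mask, permit rule, server IP.
INSIDE_NET = ip_network("10.1.2.0/24")
WEB_SERVER = "198.51.100.80"                 # stand-in for www.example.com
GLOBAL_ADDR = ip_address("209.165.201.10")   # global address from step 3


class FirewallModel:
    """Toy model of steps 2-4: policy check, source NAT, session record."""

    def __init__(self, permits):
        self.permits = permits      # hypothetical policy: (source net, dest port)
        self.sessions = {}          # inside 4-tuple -> translated 4-tuple
        self.policy_checks = 0      # counts how often the policy is evaluated

    def outbound(self, src, sport, dst, dport):
        """Return the 4-tuple sent out the outside interface, or None if denied."""
        key = (ip_address(src), sport, ip_address(dst), dport)
        if key in self.sessions:
            # Established session: forwarded without a new policy evaluation.
            return self.sessions[key]
        # Step 2: new session, so check it against the security policy.
        self.policy_checks += 1
        if not any(key[0] in net and dport == port for net, port in self.permits):
            return None             # denied: no translation, no session entry
        # Step 3: translate the local source address to the global address.
        # Assumption: the source port is left unchanged.
        translated = (GLOBAL_ADDR, sport, key[2], dport)
        # Step 4: record the session, then forward from the outside interface.
        self.sessions[key] = translated
        return translated


def demo():
    fw = FirewallModel(permits=[(INSIDE_NET, 80)])
    first = fw.outbound("10.1.2.27", 40000, WEB_SERVER, 80)
    again = fw.outbound("10.1.2.27", 40000, WEB_SERVER, 80)
    denied = fw.outbound("10.1.2.27", 40001, WEB_SERVER, 23)
    return fw, first, again, denied


if __name__ == "__main__":
    fw, first, again, denied = demo()
    print(first, again == first, denied, fw.policy_checks)
```

The second packet of the permitted flow is served from the session table, so the policy counter rises only for the first packet and for the denied flow.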

[Figure 4-3 diagram labels: Outside, Inside, DMZ; User 10.1.2.27; Web Server 10.1.1.3; www.example.com; interface addresses 209.165.201.2, 10.1.1.1, 10.1.2.1; Source Addr Translation 10.1.2.27 to 209.165.201.10]
