A DMZ User Attempts to Access an Inside Host – Cisco ASA 5505 User Manual


4-22

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 4 Configuring the Transparent or Routed Firewall

Firewall Mode Examples

A DMZ User Attempts to Access an Inside Host

Figure 4-7 shows a user in the DMZ attempting to access the inside network.

Figure 4-7 DMZ to Inside

The following steps describe how data moves through the ASA (see Figure 4-7):

1. A user on the DMZ network attempts to reach an inside host. Because the DMZ does not have to route the traffic on the Internet, the private addressing scheme does not prevent routing.

2. The ASA receives the packet and, because it is a new session, the ASA verifies whether the packet is allowed according to the security policy (access lists, filters, AAA).

The packet is denied, and the ASA drops the packet and logs the connection attempt.

[Figure 4-7, DMZ to Inside: hosts labelled Web Server (10.1.1.3) and User (10.1.2.27); ASA addresses 209.165.201.2, 10.1.1.1 and 10.1.2.1 on the Outside, DMZ and Inside interfaces]
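As an added example, not taken from the Cisco guide, the following ASA configuration produces the outcome described in step 2: an inbound access list on the DMZ interface denies traffic from the DMZ network to the inside network and logs every denied attempt, while still letting DMZ hosts reach the outside. It assumes the addressing of Figure 4-7 maps to a DMZ network of 10.1.1.0/24 behind interface address 10.1.1.1 and an inside network of 10.1.2.0/24 behind 10.1.2.1, uses ASA 5505-style VLAN interfaces, and the VLAN numbers and the access-list name DMZ_IN are illustrative choices.

```cisco
! Illustrative ASA 5505 fragment (not from the guide); VLAN numbers and
! the name DMZ_IN are assumptions. Addresses follow Figure 4-7.
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.2.1 255.255.255.0
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 10.1.1.1 255.255.255.0
!
! Order matters: the deny must precede the permit, because "any" in the
! permit entry also covers the inside network. "log" produces a syslog
! message (%ASA-6-106100) for each denied flow, which is the "logs the
! connection attempt" behaviour of step 2.
access-list DMZ_IN extended deny ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 log
access-list DMZ_IN extended permit ip 10.1.1.0 255.255.255.0 any
access-group DMZ_IN in interface dmz
!
! Keep the denials visible locally; forward them to a syslog host in production.
logging enable
logging buffered informational
!
! Checks after a DMZ host (for example 10.1.1.3) tries to reach 10.1.2.27:
!   show access-list DMZ_IN            -> hitcnt on the deny entry increments
!   show logging | include 106100      -> one entry per denied attempt
```

Without any access list applied to the DMZ interface the ASA already blocks this flow, because security level 50 may not initiate sessions to security level 100; the explicit deny entry adds nothing to the policy itself but makes the drop countable and logged, which is what an analyst investigating lateral movement attempts from a compromised DMZ web server needs. Because the ASA evaluates the policy only for new sessions, replies to connections that the inside user opened toward the DMZ web server are still allowed by the state table and are not affected by this entry.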
