15-2
CiscoSecurity Appliance Comman d Line Configuration Guide
OL-12172-01
Chapter15 Firewall Mode Overview
Routed Mode Overview
•An Inside User Visits a Web Server, page15-2
•An Outside User Visits a Web Server on the DMZ, page15-3
•An Inside User Visits a Web Server on the DMZ, page15-4
•An Outside User Attempts to Access an Inside Host, page 15-5
•A DMZ User Attempts to Access an Inside Host, page 15-6
An Inside User Visits a Web ServerFigure 15-1 shows an inside user accessing an outside web server.
Figure 15-1 Inside to Outside
The following steps describe how data moves through the security appliance (see Figure15-1):
1. The user on the inside network requests a web page from www.example.com.
2. The security appliance receives the packet and because it is a new session, the security appliance
verifies that the packet is allowed according to the terms of the security policy (access lists, filters,
AAA).
For multiple context mode, the security appliance first classifies the packet according to either a
unique interface or a unique destination address associated with a context; the destination address
is associated by matching an address translation in a context. In this case, the interface would be
unique; the www.example.com IPaddress does not have a current address translation in a context.
Web Server
10.1.1.3
www.example.com
User
10.1.2.27
209.165.201.2
10.1.1.110.1.2.1
Source Addr Translation
209.165.201.1010.1.2.27
Outside
Inside DMZ
92404