Step 3 Configure External Identity for the DMZ Web Server

The DMZ server is easily accessible by all hosts on the Internet. This configuration requires translating the DMZ server IP address so that it appears to be located on the Internet, enabling outside HTTP clients to access it unaware of the firewall. Complete the following steps to map the DMZ IP address (30.30.30.30) statically to a public IP address (209.165.156.11):

a.Right click in the gray area under the Translation Rules tab.

b.Select Add.

c.Select dmz from the drop-down menu of interfaces.

d.Enter the server IP address (30.30.30.30) or select the server by clicking on the Browse button.

e.Select 255.255.255.255 from the Mask drop-down menu.

f.Click the Static radio button.

g.Enter the external IP address (209.165.156.11). The Advanced button allows you to configure features such as limiting the number of connections per static entry and DNS rewrites.

h.Click the OK button.

i.Confirm the values that you entered. Click the Apply button.

15

Page 15
Image 15
Cisco Systems PIX515E quick start Configure External Identity for the DMZ Web Server