Hosting Web Site in DMZ in
This is an extension of this article: we'll add a DMZ interface and a web server in the DMZ zone. We'll
configure NAT and an access list to allow clients on the internet to access the web site in the DMZ
network.
The only change on router R1 is one entry for network 10.2.2.0 in the EIGRP configuration.
R2:
interface FastEthernet0/0
ip address 209.165.200.225 255.255.255.248
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.1.1 255.255.255.0
serial restart-delay 0
!
router eigrp 20
network 10.1.1.0 0.0.0.255
network 209.165.200.0
no auto-summary
ASA config:
Configure a network object for the DMZ server. This object will be used to translate the address of the web
server to an outside address using static NAT (the translated address will be 209.165.200.227, an
“imagined” public IP address).
Create an access list that permits any IP protocol from anywhere (any) to the web server
(192.168.12.10). Because this traffic flows from the outside interface to the DMZ interface, it
enters the ASA inbound (IN) on the outside interface.
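The two steps described above, written out as an added example in ASA 8.3+ object NAT syntax; this is not the original article's configuration. The names DMZ-WEB-SERVER and OUTSIDE-IN are assumed, the interface names dmz and outside are taken from the xlate output, and the commented alternative assumes the site serves only HTTP/HTTPS.

```cisco
! Added example, not the article's own configuration (ASA 8.3+ syntax).
! DMZ-WEB-SERVER and OUTSIDE-IN are assumed names; the interface names
! "dmz" and "outside" are the ones shown in the xlate output.
!
! Static NAT: real address 192.168.12.10 <-> mapped 209.165.200.227
object network DMZ-WEB-SERVER
 host 192.168.12.10
 nat (dmz,outside) static 209.165.200.227
!
! Rule as the article describes it: any IP protocol, any source.
! From 8.3 on, the ACL matches the real (untranslated) server address.
access-list OUTSIDE-IN extended permit ip any host 192.168.12.10
!
! Narrower alternative (assumption: the site serves only HTTP/HTTPS);
! use these two lines in place of the "permit ip" line above.
! access-list OUTSIDE-IN extended permit tcp any host 192.168.12.10 eq www
! access-list OUTSIDE-IN extended permit tcp any host 192.168.12.10 eq https
!
! Bind the ACL to traffic entering (in) the outside interface.
access-group OUTSIDE-IN in interface outside
```

Once applied, `show access-list OUTSIDE-IN` lists the hit count for each entry, which shows whether outside clients are matching the rule.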
ciscoasa# sh xlate
3 in use, 3 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from dmz:192.168.12.10 to outside:209.165.200.227
flags s idle 0:00:19 timeout 0:00:00
As we can see, pings from outside (client1) to the web server in the DMZ (209.165.200.227) are not
translated