Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

DMZ web server

Hi Community,

I've prepared a scenario for test environment to clear some doubts, please see the attached image.

You can I have 3 interface on ASA and web server with a public ip address.

My question is that

1. When someone will try to access this webserver, how the packests will be on a ASA to reach the server ? Wha will be the routing ?

2. As you can see in the image the web server is int same subnet of ASA and router directly interfaces, what default I will use to go out from the dmz zone

If something not clear please let me know..

Any help will be highly appreciated

Cisco Employee

Re: DMZ web server

What is your webserver's inside/private address? 172.16.30.x right? It will use for its GW which is the ASA's DMZ interface IP address.

People on the internet will try to reach this web server with the ip address

The router on the outside will receive this packet and send it to the firewall.

The firewall will look at this packet and look at the translation configured and find the static translation and send the packet to the webserver's private address on the DMZ.


CreatePlease to create content