My situation is like this: The firewall has a static public IP address (192.168.2.1), and a Web Server is connect to the firewall in the DMZ, the Application Server and the Database Server are connected to the firewall from the inside interface. All the IP addresses of the Web, Application, and the Database Servers are private IPs such as 192.168.2.x (where x = 2, 3, 4). Some web applications are deployed to this system (on Application Server such as http://www.MyWebSite.com).
This will be what I expected: a user launches the web browser and types in http://www.mywebsite.com, trying to access the web application. The DNS server will direct the request to the firewall (192.168.2.1). Once the firewall receives the request, it will forward the request to the web server. The web servers HTTP server will pass through the firewall and send the request to the application server, which in turn queries the database.
My questions are:
1) Can the firewall (which has a public static IP) direct the request to the web server (which has a private IP) in the DMZ? If so, how does it do it? Do I need to configure the firewall?
2) How does the HTTP server (installed on the web server) send the request passing through the firewall? Any special configuration? Or by default.
3) If the firewall comes with the VPN capability, can I remotely access the web server, the application server and the database server via this firewall?
4) Can I have the same web server to carry out both the caching and HTTP functions?
To answer your first question, you need to use NAT on PIX.You can remotely access those servers; To answer your last question, you can do it but consider the overloading of the server. This purely depends on the load that you think the server should handle.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...