An Inside User Visits A Web Server - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 5
Configuring the Firewall Mode
An Inside User Visits a Web Server
Figure 5-9
Figure 5-9
The following steps describe how data moves through the FWSM (see
1.
2.
3.
4.
5.
6.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
shows an inside user accessing an outside web server.
Inside to Outside
www.example.com
Internet
209.165.201.2
FWSM
The user on the inside network requests a web page from www.example.com.
The FWSM receives the packet and adds the source MAC address to the MAC address table, if
required. Because it is a new session, it verifies that the packet is allowed according to the terms of
the security policy (access lists, filters, AAA).
For multiple context mode, the FWSM first classifies the packet according to a unique interface.
The FWSM records that a session is established.
If the destination MAC address is in its table, the FWSM forwards the packet out of the outside
interface. The destination MAC address is that of the upstream router, 209.165.201.2.
If the destination MAC address is not in the FWSM table, the FWSM attempts to discover the MAC
address by sending an ARP request and a ping. The first packet is dropped.
The web server responds to the request; because the session is already established, the packet
bypasses the many lookups associated with a new connection.
The FWSM forwards the packet to the inside user.
Management IP
209.165.201.6
Host
209.165.201.3
Transparent Mode Overview
Figure
5-9):
5-13
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
