Cisco Systems ASA 5500 Manual De Usuario

For the internal clients to have access to HTTP and HTTPS resources on the 
Internet, you must create a rule that translates the real IP addresses of internal 
clients to an external address that can be used as the source address. 

To accomplish this task, you should configure a PAT translation rule (port 
address translation rule, sometimes called an interface NAT) for the internal 
interface that translates internal IP addresses to the external IP address of the 
adaptive security appliance. 

In this scenario, the internal address to be translated is that of a subnet of the 
private network (10.10.10.0). Addresses from this subnet are translated to the 
public address of the adaptive security appliance (209.165.200.225). 

For external clients to have HTTP access to the DMZ web server, you must 
configure an external identity for the DMZ web server and an access rule that 
permits HTTP requests coming from clients on the Internet. To accomplish 
this task, you should configure the following: 

Create a static NAT rule. This rule translates the real IP address of the 
DMZ web server to a single public IP address. In this scenario, the public 
address of the web server is 209.165.200.226. 

Create a security access rule permitting traffic from the Internet if the 
traffic is an HTTP request destined for the public IP address of the DMZ 
web server. 

To run ASDM in a web browser, enter the factory-default IP address in the address 
field: https://192.168.1.1/admin/.

Remember to add the “s” in “https” or the connection fails. HTTPS 
(HTTP over SSL) provides a secure connection between your browser and 
the adaptive security appliance.

The Main ASDM window appears.