Cisco IPS 4510 Sensor White Paper

Firewall
August 2012 Series
Step 14: Select Monitored, and then click Apply.

Procedure 3: Configure Network Address Translation

The DMZ network uses private network (RFC 1918) addressing that is not Internet-routable, so the firewall must translate the DMZ address of the web server to an outside public address. If there is a resilient Internet connection, the web server can have an address translation for each ISP. This resilient configuration, shown here for completeness, relies on the modification of DNS records in order to point incoming requests to the resilient web server address when the primary Internet connection is unavailable.

The example DMZ address to public IP address mapping is shown in the following table.

Table 3 - DMZ address mapping

Web server DMZ address    Web server public address (externally routable after NAT)
192.168.16.100            172.16.130.100 (ISP-A)
                          172.17.130.100 (ISP-B for Dual ISP only)

Step 1: Navigate to Configuration > Firewall > Objects > Network Objects/Groups.

First, you will add a network object for the web server’s IP address on the primary Internet connection.

Step 2: Click Add > Network Object.

Step 3: On the Add Network Object dialog box, in the Name box, enter a description for the web server’s public IP address. (Example: outside-webserver-ISPa)

Step 4: In the Type list, select Host.

Step 5: In the IP Address box, enter the web server’s public IP address, and then click OK. (Example: 172.16.130.100)

Step 6: On the Network Objects/Groups pane, click Apply.
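
The following Python audit is an added example, not part of the Cisco guide: it parses ASA object-NAT configuration in CLI form and resolves each static translation so it can be checked against Table 3. The sample configuration is constructed; the interface names (dmz-web, outside-16, outside-17) and every object name except outside-webserver-ISPa are assumptions. The guide's example public addresses fall inside 172.16.0.0/12, so the audit flags them as RFC 1918, which is the check that catches lab addressing left in a production configuration.

```python
import ipaddress
import re

# Constructed sample in ASA 8.3+ object-NAT syntax. The interface names and all
# object names except outside-webserver-ISPa are assumptions, not from the guide.
SAMPLE_CONFIG = """\
object network outside-webserver-ISPa
 host 172.16.130.100
object network outside-webserver-ISPb
 host 172.17.130.100
object network dmz-webserver-ISPa
 host 192.168.16.100
 nat (dmz-web,outside-16) static outside-webserver-ISPa
object network dmz-webserver-ISPb
 host 192.168.16.100
 nat (dmz-web,outside-17) static outside-webserver-ISPb
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_objects(config):
    """Map object name -> {"host": ip, "nat": (real_if, mapped_if, mapped_obj)}."""
    objects, current = {}, {}  # lines before the first object go to a throwaway dict
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            current = objects.setdefault(m.group(1), {})
        elif m := re.match(r"\s+host (\S+)", line):
            current["host"] = m.group(1)
        elif m := re.match(r"\s+nat \((\S+),(\S+)\) static (\S+)", line):
            current["nat"] = m.groups()
    return objects

def audit_static_nat(config):
    """Resolve each static NAT to (real, mapped, mapped_if) and list findings."""
    objects, mappings, findings = parse_objects(config), [], []
    for name, obj in ((n, o) for n, o in objects.items() if "nat" in o):
        real, (_, mapped_if, mapped_obj) = obj.get("host"), obj["nat"]
        mapped = objects.get(mapped_obj, {}).get("host")
        if real is None or mapped is None:
            findings.append(f"{name}: real or mapped host address is undefined")
            continue
        mappings.append((real, mapped, mapped_if))
        if not is_rfc1918(real):
            findings.append(f"{name}: real address {real} is not RFC 1918")
        if is_rfc1918(mapped):
            findings.append(f"{name}: mapped address {mapped} is RFC 1918")
    return mappings, findings
```

Calling audit_static_nat(SAMPLE_CONFIG) returns the resolved mappings, one per ISP, together with the list of findings.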