- Trust zone = inside network = LAN = local network that is protected behind the firewall
- Untrust zone = outside network = WAN = public network that is outside the protection of the firewall
- Restricted zone = DMZ network = DMZ = restricted network that is protected by the firewall and allows limited access to the outside
2. Configure Inside & Outside Network
3. Configure DMZ Network
ASA(config)#interface Ethernet0/2
ASA(config-if)#nameif DMZ
ASA(config-if)#security-level 50
ASA(config-if)#ip address 172.16.10.1 255.255.255.0
ASA(config-if)#no shut
2. Configure NAT so the Web Server on the DMZ Network can be accessed from the Internet
ASA(config)#object network DMZ_Web_Server
ASA(config-network-object)#host 172.16.10.2
ASA(config-network-object)#nat (dmz,outside) static interface service tcp www www
3. Configure an ACL to allow access to the Web Server in the DMZ Network from the Internet
ASA(config)#access-list outside_DMZ extended permit tcp any host 172.16.10.2 eq www
ASA(config)#access-group outside_DMZ in interface outside
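An added example, not part of the original post: a small offline check that the ACL bound inbound on the outside interface permits only a single DMZ host on a single port, as the ACL above does. The function names and the sample text are constructed for illustration, and the parser assumes prompt-free configuration lines with `any`, `host A` or `A MASK` address forms (no object groups, no source-port matches).

```python
import ipaddress
# Constructed sample: the DMZ interface and ACL lines from this page, minus prompts.
SAMPLE_CONFIG = """\
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 172.16.10.1 255.255.255.0
access-list outside_DMZ extended permit tcp any host 172.16.10.2 eq www
access-group outside_DMZ in interface outside
"""

def parse(config):
    """Return (network per nameif, ACEs per ACL name, inbound ACL name per interface)."""
    nets, acls, bound, nameif = {}, {}, {}, None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            nameif = None
        elif w[:1] == ["nameif"]:
            nameif = w[1].lower()          # ASA interface names are not case-sensitive
        elif w[:2] == ["ip", "address"] and nameif:
            nets[nameif] = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif w[:1] == ["access-list"] and w[2:3] == ["extended"]:
            acls.setdefault(w[1], []).append(w[3:])
        elif w[:1] == ["access-group"] and w[2:4] == ["in", "interface"]:
            bound[w[4].lower()] = w[1]
    return nets, acls, bound

def take_addr(tok):  # consume one address spec: any | host A | A MASK
    if tok[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def audit_outside_acl(config, outside="outside", dmz="dmz"):
    """List permit entries on the outside ACL that reach past one DMZ host and one port."""
    nets, acls, bound = parse(config)
    findings = []
    permits = [a for a in acls.get(bound.get(outside), []) if a[0] == "permit"]
    for ace in permits:
        _src, rest = take_addr(ace[2:])
        dst, rest = take_addr(rest)
        if not dst.subnet_of(nets[dmz]):
            findings.append("destination outside DMZ: " + " ".join(ace))
        elif dst.prefixlen != 32:
            findings.append("destination is not a single host: " + " ".join(ace))
        if ace[1] not in ("tcp", "udp") or rest[:1] != ["eq"]:
            findings.append("no single-port restriction: " + " ".join(ace))
    return findings
```

An empty list means every inbound permit from the outside stops at one DMZ host and one port; a rule such as `permit ip any any` on the same ACL is reported twice, once for its destination and once for its missing port.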