03-23-2015 07:54 PM - edited 03-11-2019 10:41 PM
Hi,
Hopefully my question is fairly easy for someone with more knowledge than me. I have a Cisco PIX 525. It has multiple subnets on different NIC cards, and currently I am hoping to only allow one subnet to talk into the others but not vice versa.
Currently subnet A and subnet B can talk to each other in both directions. How can I block all traffic from subnet A from getting into subnet B while allowing subnet B to do anything it wants to subnet A?
This scenario is set up on internal networks as well as subnets that are full and split tunnel. I would assume it would be identical, but if someone could clarify, that would be great.
Thanks,
Jeff
03-24-2015 05:38 AM
You can do this by setting the security levels for the interfaces. Interfaces with higher security levels can pass traffic to interfaces with lower security levels but not vice versa unless explicitly defined. Interfaces with the same security level can pass traffic between each other.
03-24-2015 06:51 AM
Hi Jeff,
You can do this with an inbound ACL. Try using this.
You can restrict one subnet with that.
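Putting the two suggestions above together (security levels on the interfaces, plus an inbound ACL on the lower-security interface), here is an added configuration example. It is not from this thread or from either poster; it assumes PIX 7.x-style `extended` ACL syntax and uses constructed placeholder subnets (10.1.0.0/24 as the internal network, 10.2.0.0/24 as the lab network) and constructed interface names and ACL name (`LAB_IN`):

```cisco
! Added example, not from the thread. Assumes PIX 7.x syntax and the
! constructed placeholder addresses shown here; substitute your own.
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
!
interface Ethernet2
 nameif lab
 security-level 50
 ip address 10.2.0.1 255.255.255.0
!
! Deny anything sourced in the lab subnet that is destined for the internal
! subnet, then permit everything else so lab hosts keep their other access
! (for example, toward the outside interface). The deny must come first:
! ACL entries are evaluated top down and the first match wins.
access-list LAB_IN extended deny ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list LAB_IN extended permit ip any any
!
! Apply the list inbound on the lab interface only. The inside interface
! gets no restriction, so inside hosts can still initiate sessions into the
! lab; the firewall is stateful, so the replies to those sessions are
! allowed back through even though the lab ACL denies lab-to-inside.
access-group LAB_IN in interface lab
```

After applying it, `show access-list LAB_IN` shows per-entry hit counts, which is the quickest way to confirm that blocked lab-to-inside attempts are hitting the deny line while the permit line keeps counting for everything else. The reason the two directions behave differently is that the ACL filters only new connections arriving on the lab interface; it never sees the return half of a connection the inside network started.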
04-05-2015 05:34 AM
Hi,
Thanks for your replies. Sorry, I have been very busy lately.
I am aware of the security levels on the interfaces. They are currently set to 0 on the outside interface, 50 on the lab interface and 100 on the internal interface.
The problem I am having really is using hairpinned VPN access. Full tunnel has access to the internal network when connecting to the lab.
You had mentioned to use an ACL. Yes, I have tried this, blocking TCP and UDP. When I try and block stuff, it bricks access to the network for all remote users (me). What specifically is the command you would use to lock it down?
Thanks