Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
2
Replies

Firewall configuration for internet access

MIA87
Level 1
Level 1

‎03-22-2022 10:35 PM

Hello all,

I have a question related to internet access management to some users through firewall device. These users are on a common LAN with many other data points, but are segregated in a separate VLAN.

Assuming my project has many VLANs, like:

- Vlan 2100 Telephone

- Vlan 2101 Access Control

- Vlan 2102 General Ports

- Vlan 2200 Maintenance

- .....

There is no inter-vlan routing enabled on the access switches.

It was then requested that the computers connected to VLAN 2200 access an external server and the internet, whicht should be managed by a firewall.

My question is how should I configure the firewall to give internet access only for the "Maintenance" vlan (vlan 2200) and that the other high security vlans will not be given the permission to access the internet, affected or vulnerable to external attacks.

 

I would like to know what should be the best technical solution to achieve this target from expert point of view.

If the vlan segregation will not work, what would be the alternative solution ?

 

Thanks in advance,

MIA87

 

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎03-23-2022 01:19 AM

what Firewall here ?

 

you need to NAT only IP address belongs to VLAN 2200 and access list to allow., 

 

by default rest will be blocked at FW, since there is no NAT to go to the internet.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MIA87
Level 1
Level 1
In response to balaji.bandi

‎03-23-2022 05:46 AM

Thanks Mr. Balaji Bandi for your reply,

 

I do apologies for this, but I am not that expert in the networking.

Could you please emphasize more how should be the architecture ?

 

Please refer to a draft diagram I made quickly about the topology. Assuming that we have a layer 3 switch (core switch) that should have the firewall and the internet connection connected to it.

Based on your reply, should the NAT be configured on the Fa0/1 of the layer 3 switch ?

should the firewall be placed same as illustrated between the layer 3 switch and the external ISP ?

What type of configuration should be done on the Firewall ?

 

Maybe the diagram is not 100% accurate, I may correct it later-on if required.

 

Thanks in advance,

MIA87

Preview file
112 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card