Could someone point me to a link (or links) on Cisco's site to help me quickly explain, to a network manager, why the following scenario is technically not prudent from either a firewall or network architecture standpoint? Other tasks prevent me from taking the time to research this today, and I need to get this documented and explained, to possibly several layers of management, by the end of the week.
Campus environment with a Class B. Currently all traffic comes through a single router to the Internet. He wants to segment off a portion of that address space to not go through the firewall (unprotected to/from the Internet), but still retain access back through the firewall to the protected portion of the address space. As an added bonus, the address space may be assigned in a fragmented enough manner to defy this being a simple access-list solution to break the security.
I understand the issues, but I am not local to the manager I need to explain this to, so I need to draw him some pretty pictures and provide some verbiage.
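The two points the post raises (a fragmented allocation inflates any bypass ACL, and an unprotected subnet that still has an unfiltered path into the protected space exposes that space transitively) can be shown with a small model rather than a slide. The script below is an added illustration, not part of the original post and not Cisco material; the /16, the list of bypass subnets, the sample Internet address and the placement of the firewall (only between the Internet and the protected zone) are all constructed assumptions that you would replace with the real allocation from IPAM.

```python
from ipaddress import ip_address, ip_network, collapse_addresses

# Constructed example: a private /16 stands in for the campus "Class B".
CAMPUS = ip_network("172.16.0.0/16")

# Constructed, deliberately fragmented list of subnets that management wants
# routed around the firewall. A real list would come from the IPAM / DHCP scopes.
UNPROTECTED = [ip_network(p) for p in (
    "172.16.3.0/24", "172.16.4.0/24", "172.16.9.0/24", "172.16.10.0/24",
    "172.16.11.0/24", "172.16.40.64/26", "172.16.77.0/24", "172.16.200.0/23",
)]


def collapse(prefixes):
    """Aggregate adjacent prefixes; this is the best a bypass ACL can do."""
    return list(collapse_addresses(prefixes))


def acl_entries_needed(prefixes):
    """Number of ACL lines still required after aggregation (one per prefix)."""
    return len(collapse(prefixes))


def zone(ip):
    """Classify an address: internet, unprotected campus, or protected campus."""
    addr = ip_address(ip)
    if addr not in CAMPUS:
        return "internet"
    if any(addr in net for net in UNPROTECTED):
        return "unprotected"
    return "protected"


def crosses_firewall(src, dst):
    """Model of the proposed design (assumption): the firewall sits only on the
    path between the Internet and the protected zone. Campus-internal traffic,
    and traffic to or from the unprotected subnets, never touches it."""
    return {zone(src), zone(dst)} == {"internet", "protected"}


def bypass_path(src, dst):
    """Return a hop list from src to dst on which no hop crosses the firewall,
    or None if every path is filtered. A three-element result relayed through an
    unprotected subnet is the transitive exposure the design introduces."""
    if not crosses_firewall(src, dst):
        return [src, dst]
    for net in UNPROTECTED:
        relay = str(net.network_address + 1)  # constructed: first host of the subnet
        if not crosses_firewall(src, relay) and not crosses_firewall(relay, dst):
            return [src, relay, dst]
    return None


if __name__ == "__main__":
    print("bypass ACL entries after aggregation:", acl_entries_needed(UNPROTECTED))
    for net in collapse(UNPROTECTED):
        print("  permit", net)
    # 198.51.100.1 is a documentation (TEST-NET-2) address, used here as a constructed Internet host.
    path = bypass_path("198.51.100.1", "172.16.5.5")
    print("unfiltered path from Internet to a protected host:", " -> ".join(path))
```

Running it prints the aggregated prefix list (eight fragments still need seven ACL lines, and every future allocation adds to that maintenance burden) and then shows that a protected host is reachable from the Internet in two hops without any hop ever passing through the firewall, which is the architectural point: the firewall only protects what it actually sits in front of, so the protected zone inherits the exposure of whatever it trusts at layer 3.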