cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
218
Views
0
Helpful
1
Replies
Highlighted
Participant

Restricting LAN access from the WAN

Hello,

I posted theis in the General Security forum bit got no answers so please pardon the repeat if you subscrib to both

I have a client with a hub and spoke design with the remote offices coming in over a frame relay. All WAN traffic hits a 3640 at the central site before getting LAN access and even for Internet traffic. They want to stop the remote offices from just plugging in a computer and getting network access. They want something more manageable that access lists at each site. Somethig more appropriate would be a device or software that can monitor the inbound traffic on the 3640 and stop it is that particular computer cannot be authenticated. A twist is that they do not want the end -user at the remote sites to have to do anything different to get network access so the first thought that came to mind was MAC address filters but the traffic will be going out over a local router so the MAC address will change. Maybe software tokens or doing this with ACS? Anyone have any idea how we can get this done?

Thanks in advance!

1 REPLY 1
Frequent Contributor

Re: Restricting LAN access from the WAN

Best solution would be to place the 3640 behind a PIX, then place a separate router on the outside.