I need to secure a VLAN (33) from the rest of my network. Devices in VLAN 33 only need to communicate with a particular server/site on the Internet.
Currently I have the following 4 VLANs set up.
interface Vlan32
 description inside firewall
 ip address 10.4.32.1
interface Vlan33
 description lockdown VLAN
 ip address 10.4.33.1 255.255.255.0
interface Vlan34
 description open staff
 ip address 10.4.34.1 255.255.255.0
interface Vlan35
 description open VLAN
 ip address 10.4.35.1 255.255.255.0
I want to block every VLAN from being able to access VLAN 33.
VLAN 33 needs to be able to route traffic to the inside FW interface (10.4.32.1). It has a NATed address out to the Internet.
The only traffic that needs to come into VLAN 33 is return traffic from the outside.
Can you help me set up the correct ACL?