Trying to block all traffic, but allow a one way data transfer.
I am trying to connect a Control network that can not have access to the Internet, or any other network for that matter, to my Admin network so that I can retrieve trend data about the plant that goes into a database. Right now the process is print information, hand jam into excel spreadsheet, print again, and hand jam into another excel spreadsheet on the other network. Reports are printed automatically once a day, but would like a simplified way of getting data from one network to the other without having to re-enter data several times. Current policies stipulate no USB drives connected to Control systems. Even if we could loosen that, personnel needed to transfer data is not available and going to each individual machine would take more time than current system.
Now that background is laid, I have two 2911 ISR routers with EIGRP configured, each with a 4 port EHWIC card. The 3 L3 ports on the router are setup as follows: interface G0/1 to the internet, interface G0/2 to a wireless back haul, and interface G0/0 for IT network. I then have 3 VLANs setup on the EHWICs for our Admin network. We will move the IT network to a VLAN on the remaining EHWIC port and connect the two 2911's through the G0/0 interface. I am going to have one computer on my Administration network dedicated to receiving the information and have a program that will take that data and import it to a database. I need to allow only that computer to receive traffic from the Control network and I need no traffic to flow back into the Control network. In other words I will transmit data from the control network to the admin computer using one protocol (TFTP more than likely) and block any other traffic coming out of and going into the Control network.
I am hoping this can be achieved with an ACL, but fear that because traffic is by default bidirectional, any attempt to block a received packet will drop the connection.
Agile Networking with Cloud-managed IT [Meraki The Future is here] Cisco Meraki The Future Is Here: Agile Networking With Cloud-managed IT Your customer’s employees are in hybrid workstyle from home, the road, and the office and IT teams need t...
1. Smart Licensing
1.1. What is Smart Licensing?
A. Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your orga...
Cisco DNA - Cisco SD-WAN: Connect to any cloud, anywhere, securely Cisco offers on-prem and cloud-managed WAN edge solutions to meet these new demands. Connect any user to any application with integrated capabilities for multicloud, security, ...
Join us for this virtual event as cloud providers, integrators, ecosystem technology partners and customers discuss what tomorrow's cloud will be and what you need to know to prepare. Get ready to hear about innovations for faster operations, mult...
Let´s talk about spanning-treeLeave your comment in english and in your own language.------------------------------------------------Vamos falar sobre spanning-tree Deixe seu comentário em inglês e no seu idioma.