First, the 300 line access-list was a bit of an exageration, more to make the point that I don't want an ungodly long access-list. Well, basically every floor in each building has its own /24 subnet. Unfortunately the real problem is that to get to the Internet, traffic must traverse VLAN 1, which also houses all my servers. That's the real problem. Is it possible to force traffic from one VLAN to go only out through my PIX and not be able to browse the servers on that subnet? Not being really familiar with the concept, I was thinking along the lines of policy routing. Is this the type of application it is intended for? I'm still trying to find good information on it. ""Steven A. Ridder"" wrote in message news:200210181920.TAA12300@;groupstudy.com... > Not sure I understand how you are running your network, but if you deny the > lawyers VLAN from accessing the other VLAN's in your network, you should be > all set. That way you only have one deny statement to add to each VLAN. I > think what's throwing me is the 300 line access-list statement. There's a > ton of solutions out there for you, but you need to be more clear in terms > of describing your internal network. > > > ""Robert Edmonds"" wrote in message > news:200210181908.TAA09447@;groupstudy.com... > > I work for a county government. As part of building a new courthouse, I > am > > tasked with providing attorneys in courtrooms with Internet access through > > my network. Of course, I would like to provide them access to what they > > need while blocking access to our internal network. > > My network is setup in the following manner: > > In the new courthouse, the MDF has a 3550-12G acting as the root switch > for > > the building, and has the layer 3 image. It connects directly to my core, > > with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for > > Internet access. I plan on creating a separate VLAN for the public > Internet > > access, but beyond that I'm left a bit short. Obviously I don't want to > > create a 300 line access-list that would deny them access to each internal > > VLAN, then each of our servers in turn. Can someone give me some > > suggestions to get this done? Thanks in advance.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55900&t=55898 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
