Robert,

Have the VLAN for these users route to a DMZ interface on your PIX
rather than the layer 3 switch.  Set the security level of that
interface to 1 (just higher than the outside).

If you don't specify an ACL on that PIX interface, you should be able to
use PIX security levels to automatically deny access to the internal LAN
while permitting access to the internet.

Thanks,
Shawn

Robert Edmonds wrote:
> 
> I work for a county government.  As part of building a new courthouse, I am
> tasked with providing attorneys in courtrooms with Internet access through
> my network.  Of course, I would like to provide them access to what they
> need while blocking access to our internal network.
> My network is set up in the following manner:
> In the new courthouse, the MDF has a 3550-12G acting as the root switch for
> the building, and has the layer 3 image.  It connects directly to my core,
> with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for
> Internet access.  I plan on creating a separate VLAN for the public
> Internet access, but beyond that I'm left a bit short.  Obviously I don't want to
> create a 300 line access-list that would deny them access to each internal
> VLAN, then each of our servers in turn.  Can someone give me some
> suggestions to get this done?  Thanks in advance.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55903&t=55898
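
A sketch of the configuration Shawn describes, as an added example that is not part of the original thread. It assumes PIX 6.x syntax, a spare physical interface (ethernet2), the interface name "public" and the subnet 192.168.50.0/24, all of which are constructed for illustration. It also assumes the attorney VLAN is carried at layer 2 only to this interface, with no routed VLAN interface for it on the 3550 or the 6506/MSFC2, so the PIX is the only gateway for these hosts.

```cisco
: Added example. Interface, name and addresses are assumptions.
: Security level 1 sits just above outside (0) and below inside (100).
interface ethernet2 auto
nameif ethernet2 public security1
ip address public 192.168.50.1 255.255.255.0

: Allow the attorney subnet out to the internet using PAT on the
: outside interface address. If a "global (outside) 1" statement
: already exists, only the nat line is needed.
nat (public) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface

: No access-group is applied to "public". With no ACL on the
: interface, traffic from level 1 to level 0 (outside) is allowed,
: and traffic from level 1 to level 100 (inside) is dropped because
: it flows from a lower to a higher security level.

: Checks after applying:
:   show nameif   - confirm "public" is listed with security1
:   show xlate    - confirm translations appear for 192.168.50.x hosts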