I am going to be adding a second network (wireless) that needs to be isolated from the primary network except for one server (www). Currently the wireless is on a second VLAN, that while permitting internet access does not of course allow access to the web server on the main LAN.
What I would like to do is use a PIX506 to place in between the two networks, and allow the wireless network internet access as well as access to this one specific web server, ideally just the http only.
So I am thinking I would need to create inbound and outbound ACLs. So therefore I would need to make an ACL deny the 192.168.1.0 network, while allowing www access to 192.168.1.4.
Basically wireless clients need to access the internet, and this webserver, but NOT see anything else on the main network.