Restricting site 2 site access

Unanswered Question
Jan 24th, 2008

I currently have two sites, A and B, that can 'talk' to each other via a hub router. The issue is that I want to stop them from 'seeing' each other, as they should be allowed to see the Internet (always) and each other under special circumstances. I know I can do this easily enough with an access-list on the hub router.


The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site-to-site traffic.


So I am wondering if there is a way to block the traffic from these sites getting to other sites as a default, so that I can add in exceptions when necessary?

All the sites come through the same interface on the hub router. So could there be a rule saying anything coming in interface FE 0/0 is not allowed back out of it?


Cheers!

Dave

mchin345 Wed, 01/30/2008 - 11:43

I think the better way is implementing ACLs on your hub router as well as on all your spoke routers, depending upon your needs (inbound and outbound direction).

davecisco Wed, 01/30/2008 - 11:48

Yes, that will work, but again it is not very practical, as:

"The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site-to-site traffic."


This means eventually there will be LANs that I do not know about and will not be able to stop them from talking to other sites.


Dave
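Added example, not part of the original thread and not vendor configuration: a small Python model of the rule asked about above, where traffic arriving on FE0/0 is dropped if the hub would route it back out FE0/0, unless an explicit exception matches. The prefixes, the FE0/1 uplink name and the exception entry are constructed assumptions; the point is that the default deny depends only on the ingress and egress interface, so a site added later is blocked without its LAN being listed in the policy.

```python
import ipaddress

# Constructed hub routing table: (prefix, egress interface). All names and
# addresses here are assumptions for illustration, not taken from the thread.
ROUTES = [
    ("10.1.0.0/16", "FE0/0"),  # site A LAN
    ("10.2.0.0/16", "FE0/0"),  # site B LAN
    ("10.9.0.0/16", "FE0/0"),  # a later site the admin was never told about
    ("0.0.0.0/0", "FE0/1"),    # Internet uplink (assumed interface name)
]

# Explicit site-to-site exceptions: (source prefix, destination prefix).
# Entries are one-way; return traffic needs its own entry.
EXCEPTIONS = [("10.1.0.0/16", "10.2.5.0/24")]


def egress_interface(dst):
    """Longest-prefix match of dst against ROUTES (default route always hits)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_excepted(src, dst):
    """True if (src, dst) falls inside any configured exception pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(sp) and d in ipaddress.ip_network(dp)
               for sp, dp in EXCEPTIONS)


def decide(in_ifc, src, dst):
    """Drop hairpin traffic (same ingress and egress) unless excepted."""
    out_ifc = egress_interface(dst)
    if in_ifc == out_ifc and not is_excepted(src, dst):
        return "drop"
    return "forward"


if __name__ == "__main__":
    for src, dst in [("10.1.0.10", "8.8.8.8"), ("10.1.0.10", "10.2.0.20"),
                     ("10.1.0.10", "10.2.5.20"), ("10.9.0.10", "10.1.0.10")]:
        print(src, "->", dst, decide("FE0/0", src, dst))
```
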

