
Restricting site 2 site access

vanagon2tdi
Level 1

I currently have two sites A and B that can 'talk' to each other via a hub router. The issue is that I want to stop them from 'seeing' each other, as they should be allowed to see the Internet (always) and each other under special circumstances. I know I can do this easily enough with an access-list on the hub router.

The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic.

So I am wondering if there is a way to block the traffic from these sites getting to other sites as a default and I can add in exceptions when necessary?

All the sites come through the same interface on the hub router. So could there be a rule saying anything coming in interface FE 0/0 is not allowed back out it?

Cheers!

Dave

2 Replies

mchin345
Level 6

I think the better way is implementing an ACL on your hub router as well as on all your spoke routers, depending upon your needs (inbound and outbound direction).

Yes, that will work, but again not very practical as:

"The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic."

This means eventually there will be LANs that I do not know about and will not be able to stop them from talking to other sites.

Dave
