01-24-2008 11:06 AM - edited 03-05-2019 08:41 PM
I currently have two sites A and B that can 'talk' to each other via a hub router. The issue is that I want to stop them from 'seeing' each other, as they should be allowed to see the Internet (always) and each other under special circumstances. I know I can do this easily enough with an access-list on the hub router.
The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic.
So I am wondering if there is a way to block the traffic from these sites getting to other sites as a default, so that I can add in exceptions when necessary?
All the sites come through the same interface on the hub router. So could there be a rule saying anything coming in interface FE 0/0 is not allowed back out of it?
Cheers!
Dave
01-30-2008 11:43 AM
I think the better way is implementing ACLs on your hub router as well as on all your spoke routers, depending upon your needs (inbound and outbound direction).
01-30-2008 11:48 AM
Yes, that will work, but again it is not very practical as:
"The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic."
This means eventually there will be LANs that I do not know about and will not be able to stop them from talking to other sites.
Dave