1)Imaging that we have configured a VSI in a layer 3 switch for making inter-vlan routing. Now the PCs connected to that VLAN will use the default gateway as that VSI's IP address. When a PC needs to send a pkt to its D.gateway what Dest.MAC address will it use??
How layer 3 switch will reply for the incoming ARP requests asking the MAC Addr of the VSI's IP???
2)According to the cisco literature on the PIX\ASA firewall configuration the INSIDE
network has higher security level than the DMZ network. Normally as I know we do not put access lists on the INSIDE interface. From INSIDE network to the DMZ direction the pkt flow is not restricted by default. So there is a possibility of getting the DMZ servers affected due to some virus or other attacks possibly come from INSIDE network towards the DMZ as users may use USBs and other removable devices. What best practices are available for getting rid of this problem?
Appreciate your valuable attention !!