Block Inside Network

Answered Question
Jul 15th, 2008
Hi, we have been using an ASA for the last one year and it's working fine. Now, can I block the inside machines? That means two machines are available in the inside zone, and I want the first machine not to be able to access or communicate with the second machine. Is it possible, because the traffic won't pass through the firewall when both communicate? Thanks

Farrukh Haroon Tue, 07/15/2008 - 09:03

You can use an access-list (VLAN or PORT) on the switch to block this communication.


Regards


Farrukh
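As an added illustration of the switch-side option (this is not part of the original thread), here is what a VLAN access map and a port ACL look like on a managed Cisco Catalyst switch running IOS. The addresses 192.0.2.10 (machine A) and 192.0.2.20 (machine B), VLAN 10 and interface FastEthernet0/1 are assumed for the example.

```cisco
! Added example, not from the thread. Addresses, VLAN and port are assumed.
!
! Option 1: VLAN access map (VACL). It is applied to traffic bridged inside
! VLAN 10, which is exactly the host-to-host traffic the firewall never sees.
! In a VACL the ACL only matches; the access-map "action" decides the fate.
ip access-list extended A-B-TRAFFIC
 permit ip host 192.0.2.10 host 192.0.2.20
 permit ip host 192.0.2.20 host 192.0.2.10
!
vlan access-map ISOLATE-A-B 10
 match ip address A-B-TRAFFIC
 action drop
vlan access-map ISOLATE-A-B 20
 action forward
!
vlan filter ISOLATE-A-B vlan-list 10
!
! Option 2: port ACL (PACL) on the access port machine A is plugged into.
! Port ACLs on Catalyst layer-2 ports are inbound only, so this blocks A -> B.
! That alone breaks the session; a matching PACL on B's port makes it symmetric.
ip access-list extended DENY-A-TO-B
 deny   ip host 192.0.2.10 host 192.0.2.20
 permit ip any any
!
interface FastEthernet0/1
 description machine A
 switchport mode access
 switchport access vlan 10
 ip access-group DENY-A-TO-B in
```

Verify with `show vlan access-map` and `show vlan filter` (or `show ip access-lists` for the PACL and its hit counters), then test from machine A: a ping to B should fail while B stays reachable from other hosts in the VLAN. One caveat: both ACLs match on IP addresses, so a user who changes machine A's address slips past them. Where the switch supports it, `switchport protected` on both ports (or private VLANs) blocks the two ports from exchanging frames regardless of address and is the stronger control.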

nikuhappy2010 Tue, 07/15/2008 - 09:36
Here, the switch is not manageable and all switches are connected to the inside interface of the FW. Now is it possible?

Correct Answer
Farrukh Haroon Tue, 07/15/2008 - 09:42
If both machines are in the 'same subnet', then both will communicate 'directly' and will never reach the firewall. You have the following options:


> Change the switch

> Change the network design

> Play around with some routes/proxy-arp

> NAT one of the machines on the firewall etc.


Regards


Farrukh
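As an added example (not part of the answer above) of the 'routes' option when the switch is unmanaged: the ASA can only drop what it receives, so each host is given a /32 route for the other host via the ASA's inside address, which forces the traffic onto the firewall where an ACL denies it. Assumed for the example: inside interface 192.0.2.1/24, machine A 192.0.2.10, machine B 192.0.2.20, and ASA 8.x syntax.

```cisco
! Added example, not from the thread. Addresses and interface name are assumed.
!
! By default the ASA refuses traffic that enters and leaves the same interface,
! so hairpinned A -> B packets would already be dropped silently. Permitting
! intra-interface traffic and then denying the pair explicitly gives you a hit
! counter and a syslog message instead of a silent drop.
same-security-traffic permit intra-interface
!
access-list inside_access_in extended deny ip host 192.0.2.10 host 192.0.2.20 log
access-list inside_access_in extended deny ip host 192.0.2.20 host 192.0.2.10 log
access-list inside_access_in extended permit ip 192.0.2.0 255.255.255.0 any
access-group inside_access_in in interface inside
```

The host routes do the real work. On machine A, Windows: `route -p add 192.0.2.20 mask 255.255.255.255 192.0.2.1`; Linux: `ip route add 192.0.2.20/32 via 192.0.2.1`; mirror it on B. With the route in place A ARPs for 192.0.2.1 instead of 192.0.2.20, the frame lands on the ASA's inside interface, and `show access-list inside_access_in` shows the deny counter climbing. The caveat is that the control lives on the endpoint: anyone with local administrator rights on A can delete the route and talk to B directly, and a re-imaged or re-addressed host loses it. Treat this as a stopgap until a managed switch or a redesign (separate VLANs or subnets, each on its own ASA interface) puts an enforcement point in the path.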
