Block Inside Network

Answered Question
Jul 15th, 2008

Hi, we have been using the ASA for the last one year and it is working fine. Now, can I block the inside machines? That is, two machines are in the inside zone and I want the first machine not to be able to access or communicate with the second machine. Is it possible, because the traffic won't pass through the firewall when the two communicate? Thanks

Correct Answer by Farrukh Haroon about 8 years 6 months ago

If both machines are in the 'same subnet', then they will communicate 'directly' and will never reach the firewall. You have the following options:

> Change the switch

> Change the network design

> Play around with some routes/proxy-arp

> NAT one of the machines on the firewall etc.

Regards

Farrukh

Farrukh Haroon Tue, 07/15/2008 - 09:03

You can use an access-list (VLAN or PORT) on the switch to block this communication.

Regards

Farrukh
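The switch-side access list suggested above, written out as an added configuration example that is not part of the original thread. It uses Catalyst IOS syntax; the host addresses 192.168.1.10 (host A) and 192.168.1.20 (host B), VLAN 10 and the port name FastEthernet0/1 are assumed placeholders, and it only works on a switch that can be configured.

```cisco
! Added example, not from the thread. Assumed addressing:
!   host A = 192.168.1.10, host B = 192.168.1.20, both in VLAN 10.
!
! Option 1: VLAN access map (VACL). It is evaluated for every frame
! switched inside VLAN 10, so it catches A<->B traffic that the ASA
! never sees. In a VACL the ACL 'permit' lines select what to match;
! the access-map 'action' decides what happens to matched traffic.
ip access-list extended A-AND-B
 permit ip host 192.168.1.10 host 192.168.1.20
 permit ip host 192.168.1.20 host 192.168.1.10
!
vlan access-map BLOCK-A-B 10
 match ip address A-AND-B
 action drop
vlan access-map BLOCK-A-B 20
 action forward
!
vlan filter BLOCK-A-B vlan-list 10
!
! Option 2: port ACL (PACL) on host A's access port. It is applied
! inbound only, so it stops frames A sends toward B; put the mirror
! image on B's port if B must not initiate traffic to A either.
ip access-list extended NO-B
 deny ip any host 192.168.1.20
 permit ip any any
!
interface FastEthernet0/1
 description host A (assumed port)
 ip access-group NO-B in
!
! Verification (read-only show commands):
!   show vlan access-map BLOCK-A-B
!   show vlan filter
!   show ip access-lists A-AND-B
```

Two caveats a practitioner would check: both ACLs match IP only, so ARP between the hosts still flows unless a `mac access-list extended` is added to the access map, and port ACL support depends on the Catalyst platform and IOS version. Neither option applies to the unmanaged switches described in the next reply.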

nikuhappy2010 Tue, 07/15/2008 - 09:36

Here, the switch is not manageable and all switches are connected to the inside interface of the FW; now is it possible?

