We currently have all our head office servers on one VLAN (on a 6500 series core switch), accessible from all our remote sites (connected by IPSEC VPN) and from all our head office users.
I would like to segregate some of the servers into their own "secure" VLAN, which would only be accessible from the remote sites that need to access the servers (and only from certain users within the head office).
I'm looking for suggestions on the best way to achieve this, i.e. to segregate the servers from the rest of the network and provide appropriate security etc.
Can I simply create a new VLAN for these servers, and then use an access-list to only allow access from the specific remote sites which would need connectivity with the servers, blocking everything else?
What other suggestions or design considerations should be taken into account for this type of task? Any feedback would be welcomed!
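As an added illustration of the approach asked about (this is example configuration written for this page, not from the original poster or from Cisco documentation), here is what the "new VLAN plus access-list" design looks like on a Catalyst 6500 running IOS. Every VLAN ID, subnet, host address and port number is a constructed placeholder; the ACL is applied outbound on the secure VLAN's SVI, which on an SVI means traffic leaving the switch toward the servers, so it controls who may reach the segment rather than what the servers themselves may send.

```cisco
! Added example, not part of the original post. All IDs and addresses are
! constructed placeholders for a "secure" server segment on a Catalyst 6500.
!
vlan 50
 name SECURE-SERVERS
!
! Layer-3 interface for the secure VLAN (placeholder addressing).
interface Vlan50
 description Secure server segment
 ip address 10.50.0.1 255.255.255.0
 ! "out" on an SVI = packets leaving the switch into VLAN 50, i.e. toward
 ! the servers. This is the direction that restricts who can reach them.
 ip access-group TO-SECURE-SERVERS out
!
ip access-list extended TO-SECURE-SERVERS
 remark --- Remote site A (10.101.0.0/24, placeholder): application ports only
 permit tcp 10.101.0.0 0.0.0.255 10.50.0.0 0.0.0.255 eq 443
 permit tcp 10.101.0.0 0.0.0.255 10.50.0.0 0.0.0.255 eq 1433
 remark --- Remote site B (10.102.0.0/24, placeholder)
 permit tcp 10.102.0.0 0.0.0.255 10.50.0.0 0.0.0.255 eq 443
 remark --- Named head-office admin hosts (placeholders) for management access
 permit tcp host 10.1.10.25 10.50.0.0 0.0.0.255 eq 3389
 permit tcp host 10.1.10.26 10.50.0.0 0.0.0.255 eq 22
 remark --- ACLs are stateless: replies to sessions the servers themselves open
 remark --- (DNS, AD, patching) also pass this outbound ACL and must be permitted
 permit tcp any 10.50.0.0 0.0.0.255 established
 permit udp host 10.1.0.53 eq 53 10.50.0.0 0.0.0.255
 remark --- Allow ping replies/requests for troubleshooting
 permit icmp any 10.50.0.0 0.0.0.255 echo
 permit icmp any 10.50.0.0 0.0.0.255 echo-reply
 remark --- Everything else is dropped; the log keyword shows what was missed
 deny ip any any log
```

Two design points follow directly from this fragment. First, because a router ACL is stateless, every reply to a connection a server initiates has to be permitted explicitly (the `established` line covers TCP, but UDP services such as DNS need their own entries); if that list grows unwieldy, a stateful firewall between the segments (a firewall module in the 6500 chassis or a separate appliance) is the cleaner design. Second, keep `log` only on the final deny: on the 6500 platform, ACL entries are normally matched in hardware, but logged entries are handled in software, so a busy logged permit can load the supervisor. After deployment, `show ip access-lists TO-SECURE-SERVERS` gives per-entry hit counters, which is the quickest way to confirm that the expected sites are matching their permits and that the final deny is catching only what you intended to block.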