We have a customer with a pretty big network, lots of internet users and pretty huge servers getting requests from all over the world.
I have attached a demo of the network.
They have a Cisco 6500 chassis acting as gateway for about 40 VLANs. Each VLAN corresponds to one department.
Each department maintains its own server hardware and software, and each department is, say, a mile away from the other. It's not feasible to get all the servers to one place and put them in a DMZ.
The 6500 has a default route to the ASA, where all the NAT and firewalling is done.
I want to isolate the servers and users, as a hacked server can cause problems for users and malicious users inside the campus can attack the servers.
Could anyone suggest how I can proceed?
Thanks in advance.