I have deployed a Cisco NAC solution in in-band virtual gateway mode. Everything is working fine. The issue is that I want to restrict intranet server access. Usually there is a web server configured on it, and users can access it by typing http://intranet. There are also shared resources on it.
I want certain users to be able to access the shared resources but not access the intranet by typing http://intranet. I created access rules in traffic control to deny the TCP protocol from the specified source to the destination IP address of the server on port 80 and permit everything else. Users continue to access both resources.
Since it was not working, I created an access list on the L3 3560 switch to deny connections to 172.31.0.3:80 and permit everything else, and applied it to the users' VLAN SVI. It still does not work.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...