Cisco Support Community

Block Inside Network

Hi, we have been using an ASA for the last one year and it's working fine. Now, can I block the inside machines? That means 2 machines are available in the inside zone, and I want the first machine to not be able to access or communicate with the second machine. Is it possible, because the traffic won't pass through the firewall when both communicate? Thanks

1 ACCEPTED SOLUTION

Re: Block Inside Network

If both machines are in the 'same subnet', then both will communicate 'directly' and will never reach the firewall. You have the following options:

> Change the switch

> Change the network design

> Play around with some routes/proxy-arp

> NAT one of the machines on the firewall etc.

Regards

Farrukh
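
The same-subnet point in the answer above, as an added example that is not part of the original thread: each host decides from its own IP address and mask whether to send a frame directly or hand the packet to its gateway. The addresses and host names are constructed, and the firewall's inside interface is assumed to be the hosts' default gateway.

```python
import ipaddress

def on_link(src_if: str, dst_ip: str) -> bool:
    """True if a host configured as src_if (e.g. '192.168.1.10/24') treats
    dst_ip as on-link, i.e. it ARPs for dst_ip and sends frames directly."""
    iface = ipaddress.ip_interface(src_if)
    return ipaddress.ip_address(dst_ip) in iface.network

def path(src_if: str, dst_if: str) -> str:
    """Classify how two hosts on the inside segment reach each other."""
    src = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_interface(dst_if)
    fwd = on_link(src_if, str(dst.ip))   # src -> dst decision
    rev = on_link(dst_if, str(src.ip))   # dst -> src decision
    if fwd and rev:
        return "direct"        # switch-only path, the firewall never sees it
    if not fwd and not rev:
        return "via-gateway"   # both directions are sent to the default gateway
    return "asymmetric"        # masks disagree: one direction is still direct

# Constructed sample addressing plans (assumption: gateway = firewall inside IP)
FLAT = ("192.168.1.10/24", "192.168.1.20/24")     # the situation in the question
SPLIT = ("192.168.1.10/25", "192.168.1.130/25")   # redesigned into two subnets
MIXED = ("192.168.1.10/24", "192.168.1.130/25")   # one host left on the old mask

def classify_all():
    """Return the path classification for each constructed plan."""
    plans = {"flat": FLAT, "split": SPLIT, "mixed": MIXED}
    return {name: path(a, b) for name, (a, b) in plans.items()}

if __name__ == "__main__":
    for name, result in classify_all().items():
        print(f"{name:6s} {result}")
```

A "via-gateway" result only means the hosts hand the packet to their gateway; the firewall can filter it only if it is that gateway and the hosts keep their assigned masks.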

4 REPLIES

Re: Block Inside Network

You can use an access-list (VLAN or PORT) on the switch to block this communication.

Regards

Farrukh


Re: Block Inside Network

Here, the switch is not manageable and all switches are connected to the inside interface of the FW. Now, is it possible?

Re: Block Inside Network

Thanks Farrukh.
