Hopefully my question is fairly easy for someone with more knowledge than me. I have a Cisco PIX 525. It has multiple subnets on different NIC cards, and I am hoping to only allow one subnet to talk into the others but not vice versa.
Currently subnet A and subnet B can talk to each other in both directions. How can I block all traffic from subnet A from getting into subnet B while allowing subnet B to do anything it wants to subnet A?
This scenario is set up on internal networks as well as subnets that are full and split tunnel. I would assume it would be identical, but if someone could clarify, that would be great.
You can do this by setting the security levels for the interfaces. Interfaces with higher security levels can pass traffic to interfaces with lower security levels, but not vice versa unless explicitly defined. Interfaces with the same security level can pass traffic between each other.
Thanks for your replies. Sorry, I have been very busy lately.
I am aware of the security levels on the interfaces. They are currently set to 0 on the outside interface, 50 on the lab interface and 100 on the internal interface.
The problem I am really having is with hairpinned VPN access. Full tunnel has access to the internal network when connecting to the lab.
You had mentioned using an ACL. Yes, I have tried this, blocking TCP and UDP. When I try to block stuff, it bricks access to the network for all remote users (me). What specifically is the command you would use to lock it down?
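As an added illustration (not posted by anyone in this thread), here is how the security-level rule from the reply above and the VPN follow-up fit together in PIX 7.x configuration syntax. Interface names, addresses, the 10.1.0.0/16 inside subnet, the 10.2.0.0/16 lab subnet and the 10.3.0.0/24 VPN client pool are all assumed placeholders; the security levels are the ones stated in the thread.

```cisco
! Added example, not from the original thread. Assumes PIX 7.x syntax.
! Subnets, addresses, pool and group-policy name are placeholders.

! --- interfaces and security levels as stated in the thread
interface Ethernet0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.0.0
interface Ethernet2
 nameif lab
 security-level 50
 ip address 10.2.0.1 255.255.0.0

! With no ACL applied to "lab", connections initiated from lab (50)
! toward inside (100) are dropped by the security-level rule, while
! inside -> lab connections are allowed and their return packets are
! permitted by the stateful connection table. This is the "B can talk
! to A but not vice versa" behaviour, with nothing more to configure.

! If an ACL is ever applied inbound on "lab" (for example to let lab
! hosts reach the Internet), the ACL replaces the security-level rule
! for that interface, so "permit ip any" would also open lab -> inside.
! Deny the inside subnet first, then permit the rest:
access-list LAB_IN extended deny   ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list LAB_IN extended permit ip 10.2.0.0 255.255.0.0 any
access-group LAB_IN in interface lab

! --- remote-access VPN users terminating on "outside"
! Hairpinned traffic (in and out of the same interface) requires:
same-security-traffic permit intra-interface

! Decrypted VPN traffic bypasses interface ACLs while the default
!   sysopt connection permit-vpn   (permit-ipsec in early 7.0 releases)
! is in effect, which is why an interface ACL on "outside" either does
! nothing for VPN users or, if sysopt is turned off, cuts them all off.
! Restrict VPN users with a vpn-filter in their group policy instead.
! In a vpn-filter ACL the source is the VPN client address and the
! destination is the local network; the PIX applies it in both directions.
access-list VPN_FILTER extended deny   ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list VPN_FILTER extended permit ip 10.3.0.0 255.255.255.0 any
group-policy LAB_USERS attributes
 vpn-filter value VPN_FILTER
```

The vpn-filter is evaluated on the decrypted traffic regardless of whether the client is full tunnel or split tunnel, so the same filter covers both cases; a split-tunnel list that merely omits the inside subnet only tells the client what to send through the tunnel and is not a boundary the firewall enforces. Verify the result with `show access-list VPN_FILTER` after a test connection and check that the deny line's hit count rises when a client tries to reach the inside subnet.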