Here is what I need to do. I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.
I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.
Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
Kind of like this?
VLAN 1 - hosts 220.127.116.11 and 18.104.22.168
VLAN 2 - hosts 22.214.171.124
Firewall DMZ Interface - 126.96.36.199
VLAN 3 - hosts 188.8.131.52 and 184.108.40.206
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.
So, 1) does this make sense, and 2) is it possible?
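One way to build the topology sketched above is private VLANs on the switch in front of the firewall: a single primary VLAN carries the firewall's DMZ subnet, and each "VLAN" in the sketch becomes a secondary VLAN whose hosts can only reach the firewall's port (and, for community VLANs, each other). The following Cisco IOS configuration is an added, constructed illustration of that approach, not text from the post or any reply; port numbers, names and VLAN IDs 100-103 are assumptions (VLAN 1 itself cannot be made a private VLAN on IOS, so the sketch's VLAN 1/2/3 are mapped to 101/102/103).

```cisco
! Constructed example: private VLANs so that every host shares the firewall's
! DMZ subnet and gateway IP, but only same-group hosts can talk to each other.
vtp mode transparent
!
vlan 100
 name DMZ-PRIMARY
 private-vlan primary
 private-vlan association 101,102,103
!
! Sketch's "VLAN 1": two hosts that may talk to each other (community)
vlan 101
 name DMZ-GROUP-A
 private-vlan community
!
! Sketch's "VLAN 2": hosts here reach only the firewall, never each other
vlan 102
 name DMZ-SOLITARY
 private-vlan isolated
!
! Sketch's "VLAN 3": two hosts that may talk to each other (community)
vlan 103
 name DMZ-GROUP-B
 private-vlan community
!
! Firewall DMZ interface: promiscuous port, reachable from every secondary VLAN
interface GigabitEthernet1/0/1
 description Firewall DMZ interface (single gateway IP for all hosts)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102,103
!
! Hosts: each access port is bound to the primary VLAN plus its secondary VLAN
interface range GigabitEthernet1/0/2 - 3
 description Group A hosts
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet1/0/4
 description Solitary host (isolated)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
interface range GigabitEthernet1/0/5 - 6
 description Group B hosts
 switchport mode private-vlan host
 switchport private-vlan host-association 100 103
```

Because all secondary VLANs live in one subnet on one firewall interface, the firewall cannot apply a different policy per group; traffic between hosts in the same community VLAN never reaches the firewall at all, and any isolated VLAN may hold many hosts that are all cut off from one another. Per-group firewall rules still require separate sub-interfaces or subnets.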