I currently have two sites A and B that can 'talk' to each other via a hub router. The issue is that I want to stop them from 'seeing' each other, as they should be allowed to see the Internet (always) and each other under special circumstances. I know I can do this easily enough with an access-list on the hub router.
The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic.
So I am wondering if there is a way to block the traffic from these sites getting to other sites as a default and I can add in exceptions when necessary?
All the sites come through the same interface on the hub router. So could there be a rule saying anything coming in interface FE 0/0 is not allowed back out it?
Yes, that will work but again not very practical as:
"The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site to site traffic."
This means eventually there will be LANs that I do not know about and will not be able to stop them from talking to other sites.
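
One way to express the default-deny rule asked about above without listing every site, as an added example that is not part of the original thread. It assumes every site LAN, present and future, is numbered from RFC 1918 private space; the ACL name `SPOKE-IN` and the two /24 subnets are constructed placeholders.

```cisco
! Added example, not from the thread.
! Assumption: all site LANs use RFC 1918 addresses, so "destination is
! private" is treated as "destination is another site".
! Constructed exception: site A LAN 10.1.0.0/24 <-> site B LAN 10.2.0.0/24.
ip access-list extended SPOKE-IN
 remark Exceptions: site pairs allowed to talk. The ACL is stateless,
 remark so each pair needs an entry for both directions.
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 remark Default: block site-to-site traffic for any site, known or not.
 deny   ip any 10.0.0.0 0.255.255.255 log
 deny   ip any 172.16.0.0 0.15.255.255 log
 deny   ip any 192.168.0.0 0.0.255.255 log
 remark Everything else is Internet-bound and is permitted.
 permit ip any any
!
! Applied inbound on the interface all sites arrive on, so traffic is
! filtered before the hub routes it back out the same interface.
interface FastEthernet0/0
 ip access-group SPOKE-IN in
```

An inbound ACL also filters packets addressed to the hub router itself, so any hub-side private addresses the sites legitimately need (routing peers, management, shared services) require their own `permit` entries above the `deny` lines. The `log` keyword on the deny entries records attempted site-to-site traffic, which helps spot new sites and decide whether an exception is warranted.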