Situation: I created a 'guest vlan' on our network that will be used by NON-employees. This VLAN hands the user a DNS server and through a standard ACL allows all web browsing (to the internet) and all DNS lookups to that supplied DNS server.
Problem: What happens if a GUEST USER wants to VPN to his/her corporate network? How do I allow that without opening my network up any more than it is? When a guest VPN's to their corporate net they will get DNS and may need to connect to resources on their net that I am not allow access to in my ACL.
Any ideas are much appreciated. Thanks in advance.
Thank you for your reply. I mistakenly said Standard when I meant to say Extended. I am already using an extended ACL, but your response answers my question. I was trying to make things more difficult than they need to be. Instead of denying specific nets and allowing everything else, I was allowing specific things and denying everything else.
Also, I have architected the acl in the format you descibe, and I've applied it to the interface "IN". Is that the best way to do it?
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...