We have a resident student network, which coexists with the rest of the campus network. I want to keep the students behind the firewall (less likely that machines get comprimised) but I also want to keep them isolated from the rest of the internal fac/staff network (like in the DMZ off the PIX).
We have Cat6500s on the core (w/router on a stick), 6500s on distrobution layers, and Cat3500XLs at the access layer. We are currently using dynamic vlan assignments. Can I take the 6 Resnet VLANs and somehow route them through the DMZ on the PIX (without having to change the physical design of the network or pull additional links out of these buildings). Or can I use access lists to prevent the Resnet from accessing the fac/staff vlans (I would prefer to run it through the PIX because I would have a more granular control - I want restrict the residents access to particular internal servers over particular ports).
Considering the implementation of dynamic vlans, what is the easiest way to put our resnet a) behind the firewall and b) isolated from the rest of the internal campus network
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...