I've created a network lab environment and separated it from my production environment with a 1605R router. I want only one or two workstations to be able to access the lab environment from the production side, which is not a problem. However, I also want to be able to access the production side from the lab environment, and this is trickier. I need to be able to browse the production environment and access various machines from the lab, but of course, with my access lists only allowing a few machines IN to the lab, I'm not getting the browse list, nor can I access machines that are not allowed to access the lab via the access list. Any suggestions would be appreciated. Thanks
You'll need the FW feature set, but this is exactly what CBAC is intended to do. You just "inspect" the traffic going out from the lab to the production network, and CBAC will automatically add lines to your existing inbound ACL that'll allow that traffic back in.
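A sketch of the CBAC setup described in the answer above, added here as an example and not taken from the original posts. The interface roles, addresses, ACL number and the inspection rule name `LAB-OUT` are assumptions.

```cisco
! Assumed layout (not from the thread):
!   Ethernet0 = production side, 192.168.1.0/24
!   Ethernet1 = lab side,        10.10.10.0/24
!   Workstations allowed into the lab: 192.168.1.10 and 192.168.1.11
!
! Inspection rule: track sessions that originate in the lab.
ip inspect name LAB-OUT tcp
ip inspect name LAB-OUT udp
ip inspect name LAB-OUT ftp
!
! Existing inbound ACL: only the two workstations may open sessions
! into the lab. CBAC inserts temporary permit entries ahead of these
! lines for return traffic of inspected lab-originated sessions.
access-list 101 permit ip host 192.168.1.10 10.10.10.0 0.0.0.255
access-list 101 permit ip host 192.168.1.11 10.10.10.0 0.0.0.255
! Generic TCP/UDP inspection does not cover ICMP, so ping replies
! to the lab need their own entry.
access-list 101 permit icmp any 10.10.10.0 0.0.0.255 echo-reply
access-list 101 deny ip any any log
!
interface Ethernet0
 description Production side
 ip access-group 101 in
!
interface Ethernet1
 description Lab side
 ! Inspect traffic as it enters the router from the lab.
 ip inspect LAB-OUT in
!
! Verify from exec mode:
!   show ip inspect sessions    (active inspected sessions)
!   show access-lists 101       (hit counts on the static entries)
```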
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...