Cisco Support Community

New Member

Restricted access between nodes within network

I have a network divided into 4 subnets. All of these subnets are connected to the Catalyst 6509 switch and go to the internet via PIX 6.2.

My question is whether I can prevent inside users from accessing a server within the network.

There is only one application on the server and it requires login, but I don't want users who are not permitted to even reach the authentication prompt.

They should get a message that the server is not reachable etc. when they try to reach the server by typing its IP in the Address bar of the explorer menu.

The server is in one of the subnets and I want only specific users to be able to reach the application.

Can I do so using the PIX (without forming a DMZ, as it may increase load on the PIX), or do I have to use some external software that allows me to write policies among the nodes of a network?

Just to clarify my point, we can think of it as writing access lists between computers of the same network instead of computers in different networks.

New Member

Re: Restricted access between nodes within network

Workstations that are on the same network as the server will communicate directly with the server. The only way to control access to the server with the PIX is to create a DMZ. You could control access from the other 3 networks with ACLs on the switch.


Re: Restricted access between nodes within network

If this server is directly plugged into the 6500, then there are tons of things you can do. You can restrict by MAC address, or some other things. There are literally a handful of techniques to do this on the 6500.
