
Restricted access between nodes within network

vikrantarora
Level 1

I have a network divided into 4 subnets. All of these subnets are connected into the Catalyst 6509 switch and go to the internet via PIX 6.2.

My question is if I can prevent inside users from accessing a server within the network.

There is only one application on the server and it requires login, but I don't even want users who are not permitted to even reach the authentication prompt.

They should get a message that server not reachable etc. when they try to reach the server by typing its IP in the Address bar of the explorer menu.

The server is in one of the subnets and I want only specific users to be able to reach the application.

Can I do so using PIX (without forming DMZ as it may increase load on the PIX) or do I have to use some external software that allows me to write policies among the nodes of a network.

Just to clear my point, we can think of it as writing access lists between computers of the same network instead of computers in different networks.

2 Replies

jboyer
Level 1

Workstations that are on the same network as the server will communicate directly with the server. The only way to control access to the server with the PIX is to create a DMZ. You could control access from the other 3 networks with ACLs on the switch.

mostiguy
Level 6

If this server is directly plugged into the 6500, then there are tons of things you can do. You can restrict by MAC address, or some other things. There are literally a handful of techniques to do this on the 6500.
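
The distinction drawn in the replies above, as an added example that is not part of the thread: a small Python model of which control actually sees a client's traffic to the server. The subnet ranges, server address and ACL entries are constructed placeholders (the thread gives none), and it assumes the switch routes between the four subnets.

```python
import ipaddress

# Constructed addressing: the thread gives no IP ranges, these are placeholders.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24")]
SERVER = ipaddress.ip_address("10.0.1.10")

# Hypothetical first-match ACL on the switch's routed path toward the server:
# (action, permitted or denied source network). Unmatched sources are denied.
ROUTED_ACL = [
    ("permit", ipaddress.ip_network("10.0.2.25/32")),  # one named workstation
    ("permit", ipaddress.ip_network("10.0.3.0/28")),   # a small admin range
    ("deny", ipaddress.ip_network("0.0.0.0/0")),       # everyone else
]

def path_to_server(client):
    """Say whether client-to-server traffic is switched (layer 2) or routed."""
    addr = ipaddress.ip_address(client)
    for net in SUBNETS:
        if addr in net:
            # Same subnet as the server: frames go host to host, no routed hop.
            return "switched" if SERVER in net else "routed"
    raise ValueError(f"{client} is not in any inside subnet")

def acl_decision(client):
    """First matching entry wins, as in a router access list."""
    addr = ipaddress.ip_address(client)
    for action, src in ROUTED_ACL:
        if addr in src:
            return action
    return "deny"

def can_reach(client):
    """Return (reachable, deciding control) for an inside client."""
    if path_to_server(client) == "switched":
        # Neither the PIX nor a routed ACL is in the path for this client.
        return True, "none in path; needs a control on the switch port or VLAN"
    return acl_decision(client) == "permit", "routed ACL on the switch"

if __name__ == "__main__":
    for host in ("10.0.1.77", "10.0.2.25", "10.0.2.26", "10.0.3.14", "10.0.4.5"):
        print(host, path_to_server(host), can_reach(host))
```

Clients in the server's own subnet come back reachable no matter what the ACL says, which is why the same-subnet case needs a different control than the other three subnets.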
