I have approximately 11 hosts on my network that are only required to have Internet access and nothing else. I was wondering what the simplest soultion would be to implement. I have a WAN with 2600 series routers. Internet traffic goes through a PIX 515UR connected to a Cisco 3640. Is it best to implement on local router or Internet router?
If I understand your post correctly you have some devices that you want to have Internet access but not access to local resources. If this is a correct understanding then I think the optimum solution is to create an access list on the interface on which they connect which will deny packets with their source address with local destination addresses and will permit their source address to access remote/Internet destinations.
If you put the filter further away, then there is opportunity for their packets to be routed to local destinations before they get to where the filter is implemented.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...