Catalyst and PIX firewall Access-lists

Hello guys,
Please take a look at the layout first, then read my real question.
As you see, I have multiple VLANs that are routed by a Catalyst 4006 switch. As a gateway to the internet I have a PIX firewall and an ISA 2004 proxy server. What I'm trying to do is to force everyone on the employees, clients and wireless VLANs to go to the internet through the ISA 2004 firewall, and equally, everyone on the servers and directors VLANs through the PIX firewall.
Presently everyone on the employees, clients and wireless VLANs has the ISA firewall client installed or is a web proxy client, so they are already using the ISA server for internet requests (because they have protocol-based restricted access to the internet), but my Catalyst layer 3 switch is configured to route everything to the PIX firewall, so if they disable the firewall client, they will go directly to the net through the PIX firewall. My main goal is to force them (employees, clients and wireless) to go through the ISA server even if they disable the firewall client or clear out the proxy configuration.
Now I know I can do that on my PIX firewall by simply adding an access-list deny rule for those segments to go to the net, but I'm trying to configure that on the layer 3 module. Is that possible, and how? Do not forget, the L3 module is routing everything bound to the internet to my PIX firewall, and I cannot change that because I need my directors and servers to go through the PIX firewall at all times.
Drawing1.jpg
Asked by isaman07

Cyclops3590 Commented:
Have you looked at doing route-maps on the switch? You can combine them with ACLs so that certain VLANs use the PIX and others use the ISA.
It's the first thing that came to my mind anyway.
isaman07 (Author) Commented:
How can I do that? Route-maps, any links?
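A sketch of the route-map approach Cyclops3590 suggests, added here as an example and not taken from any post in this thread. It assumes the switch's Layer 3 engine supports policy-based routing and that the ISA server's internal interface sits on a subnet directly connected to the switch; every VLAN ID, subnet, address and name below is a constructed placeholder.

```cisco
! Constructed addressing: replace with the real VLAN IDs, subnets and ISA address.
!   Employees Vlan10 192.168.10.0/24, Clients Vlan20 192.168.20.0/24,
!   Wireless  Vlan30 192.168.30.0/24, all internal networks within 192.168.0.0/16,
!   ISA 2004 internal interface 192.168.100.10 (directly connected to the switch).
!
ip access-list extended ISA-ONLY-VLANS
 remark Internal destinations: deny = not policy-routed, normal inter-VLAN routing
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else sourced from the three restricted VLANs is policy-routed
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.30.0 0.0.0.255 any
!
route-map FORCE-ISA permit 10
 match ip address ISA-ONLY-VLANS
 set ip next-hop 192.168.100.10
!
! Apply only on the ingress SVIs of the restricted VLANs.
interface Vlan10
 ip policy route-map FORCE-ISA
interface Vlan20
 ip policy route-map FORCE-ISA
interface Vlan30
 ip policy route-map FORCE-ISA
!
! The servers and directors VLANs get no policy, so they keep following
! the existing default route to the PIX.
```

`show route-map FORCE-ISA` and `show ip policy` confirm the policy is attached and matching. The PIX deny rule mentioned in the question remains a useful backstop, because policy routing falls back to the normal routing table (the PIX) when the interface toward the next hop is down.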
