Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341
  • Last Modified:

Catalyst and PiX firewall Access-lists

Hello guys;
Please take a look at the layout first then read my reak question.
As you see, i have multiple vlans that are routed by a catalyst 4006 switch. As a gateway to internet i have a Pix firewall and an ISA 2004 proxy server. What ièm trying to do, is to force eveyone on the employess, clients and wireless vlans to go to internet through the ISA 2004 firewall, equally, everyone on the servers and directors vlan through the PIX firewall.
Presently everyone on the employess, clients and wireless vlans have isa firewall client installed or are web proxy clients, so they are already using the isa server for internet requests (because they have protocol based restricted access to internet), but my catalyst layer 3 switch is cinfigured to route everything to the pix firewall, so if they disable the firewall client, they will go directly to the net through the pix firewall. My main goal is to force them (employees, clients and wireless)to go through the isa server even if they disable the firewall client or clear out the proxy configuration.
Now i know i can do that on my pix firewal by simly adding an access-list deny rule for those segments to go to the net, but i'm trying to configure that on the layer 3 module. Is that possible and how? Do not forget, the L3 module is routing eveything bound to the internet to my pix firewall, and i can not change that cause i need my directors and server to go through the PIX firewall at all times.
Drawing1.jpg
0
isaman07
Asked:
isaman07
  • 2
2 Solutions
 
Cyclops3590Commented:
have you looked at doing route-maps on the switch?  can combine it with acls so that certain vlans use the pix and others use the ISA.
its the first thing that came my mind anyway.
0
 
isaman07Author Commented:
How can i do that? route-maps, any links?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now