Solved

Catalyst and PiX firewall Access-lists

Posted on 2008-10-23
Last Modified: 2012-05-05
Hello guys;
Please take a look at the layout first, then read my real question.
As you see, I have multiple VLANs that are routed by a Catalyst 4006 switch. As a gateway to the internet I have a PIX firewall and an ISA 2004 proxy server. What I'm trying to do is to force everyone on the employees, clients and wireless VLANs to go to the internet through the ISA 2004 firewall, and equally, everyone on the servers and directors VLAN through the PIX firewall.
Presently everyone on the employees, clients and wireless VLANs has the ISA firewall client installed or is a web proxy client, so they are already using the ISA server for internet requests (because they have protocol-based restricted access to the internet), but my Catalyst layer 3 switch is configured to route everything to the PIX firewall, so if they disable the firewall client, they will go directly to the net through the PIX firewall. My main goal is to force them (employees, clients and wireless) to go through the ISA server even if they disable the firewall client or clear out the proxy configuration.
Now I know I can do that on my PIX firewall by simply adding an access-list deny rule for those segments to go to the net, but I'm trying to configure that on the layer 3 module. Is that possible and how? Do not forget, the L3 module is routing everything bound to the internet to my PIX firewall, and I cannot change that because I need my directors and servers to go through the PIX firewall at all times.
Drawing1.jpg
Question by:isaman07
3 Comments
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 600 total points
ID: 22792883
Have you looked at doing route-maps on the switch? You can combine it with ACLs so that certain VLANs use the PIX and others use the ISA.
It's the first thing that came to my mind anyway.
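The route-map plus ACL approach suggested above, written out as policy-based routing on the Catalyst's VLAN interfaces. This is an added example, not configuration from the original thread; the VLAN numbers, subnets and the ISA and PIX inside addresses are assumed, and only Internet-bound traffic (anything not destined for an RFC 1918 range) is redirected so intra-campus routing is unchanged.

```cisco
! Added example, not from the original post. Assumed addressing:
!   VLAN 10 employees 10.1.10.0/24, VLAN 20 clients 10.1.20.0/24, VLAN 30 wireless 10.1.30.0/24
!   ISA 2004 inside interface 10.1.1.10, PIX inside interface 10.1.1.1 (the existing default route)
!
ip access-list extended PROXY-ONLY-VLANS
 ! traffic staying inside the campus is NOT policy-routed (ACL deny = fall through to normal routing)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 ! everything else sourced from the three restricted VLANs is Internet-bound and matches
 permit ip 10.1.10.0 0.0.0.255 any
 permit ip 10.1.20.0 0.0.0.255 any
 permit ip 10.1.30.0 0.0.0.255 any
!
! matching packets are handed to the ISA server instead of following the default route to the PIX
route-map TO-ISA permit 10
 match ip address PROXY-ONLY-VLANS
 set ip next-hop 10.1.1.10
!
! apply only on the ingress SVIs of the restricted VLANs;
! the servers and directors VLANs keep the default route to the PIX untouched
interface Vlan10
 ip policy route-map TO-ISA
interface Vlan20
 ip policy route-map TO-ISA
interface Vlan30
 ip policy route-map TO-ISA
```

Check the match counters with `show route-map TO-ISA` from a host on one of the restricted VLANs, and keep the deny rule for those segments on the PIX as well, so a PBR misconfiguration or an unsupported-platform exception cannot silently reopen the direct path.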
 
LVL 14

Accepted Solution

by:isaman07
isaman07 earned 0 total points
ID: 22792932
How can I do that? Route-maps, any links?
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 22800332
