Pix and Windows domains
I have been asked to segregate one subnet from the remainder of the
This should be achieved using an ASA.
For instance, I will have a 10.0.0.0/8 network (A), with the servers
located in 10.1.0.0/16 subnet (S).
On the other hand I will have a 192.168.0.0/16 network (B).
I will have Domain Controllers in the (S) subnet as well in the (B)
network. And I will have workstations in the (A) and (B) networks.
(B) workstation will have access to the servers in the (S) subnet, but not
to the remainder of the (A) network.
Can this be achieved using a Pix (ASA5520) ?
I fear that the Pix is intrinsically a "nating" device and will corrupt
"netlogon" frame. (Because it will alter the src/dest for the packet but not
the IP addresses inside the frames.)
Is there a way to perform this ? I feel that I only need to have routing +
ACL between the two (B) and (S) subnets.
Thanks for any idea
|All times are GMT. The time now is 12:51 AM.|
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.