[nsp] Protected Ports
Voll, Scott
Scott.Voll at wesd.org
Tue Apr 8 11:13:45 EDT 2003
Here is what I would like to do.
I have a pix with a DMZ. I have my server farm on that DMZ. We will be
hosting someone else's server and would like to place it on the same DMZ.
I don't want them to be able to see our server farm.
So, with that said, I've been reading about protected ports on the 3550
(which is what is connected to the DMZ of the pix).
I understand that protected ports don't talk (uni-, multi-, or broadcasts)
between ports. The article I read
http://www.cisco.com/en/US/customer/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f41.html#56161
said "Forwarding behavior between a protected port and a nonprotected port
proceeds as usual." Does this mean that unprotected ports can talk to the
protected ones?
It also said that between protected ports you need a layer 3 device.
So, will the pix work for that? And do I just put an ACL on the DMZ
interface as to what device can talk to which one? I'm also assuming
that they will all be in the same subnet, right?
Thanks for any and all help
Scott Voll
Network Analyst, CCNA
Willamette ESD
Phone: (503) 385-4571
scott.voll at wesd.org