Hi there,
I was wondering what the best method of securing the following situation is:
I have a Cisco 2821 ISR - configured as follows:
Gig 0/0 - LAN wire
Gig 0/1 - WAN subnets (I have 2 routable subnets)
Dot11 - WIFI
BVI1 - ties LAN and WIFI together - has local IP - has NAT
Dialer1 - ADSL (MLPPP ADSL)
ATM0, 1, 3 - 3x ADSL lines
What is happening is that the LAN can ping all outside IP addresses, everything works fine - which I want.
But the WAN can also ping/communicate with all LAN addresses - which are NATed - which I don't want.
I tried to set up the Firewall via SDM, it kinda worked but that was a big mess - ended up having to re-configure from scratch back to original.
Can anyone give an example of how to deny the WAN access to the LAN?
Thanks, Jack