Hi,
I'm looking for some advice on the following problem:
Our PIX 525's inside IP address can be added as a default gateway to Windows XP clients, so they can in effect, turn off their Internet Explorer proxy settings and enjoy a straight-out Internet connection.
I want to exclude clients in the DHCP range from being able to do this, whilst still allowing servers in the rest of the scope to use the straight-out Internet connection. We also need to make sure we're not barring clients in the DHCP range from accessing the DMZ.
The inside IP of the PIX is 10.123.30.253
The DHCP range of the clients is 10.123.0.1 - 10.123.7.254 (255.255.248.0) Servers start at 10.123.60.0 (255.255.0.0)
The DMZ range is 10.124.16.0/255.255.255.0
I was hoping to do this with access-lists, but my initial attempts would block clients access to the DMZ also. I was wondering if somebody might be able to point me in the right direction with this?
Would be very appreciative of any advice.
Thanks