Hi,
I have been asked to segregate one subnet from the remainder of the network. This should be achieved using an ASA.
For instance, I will have a 10.0.0.0/8 network (A), with the servers located in 10.1.0.0/16 subnet (S). On the other hand I will have a 192.168.0.0/16 network (B).
I will have Domain Controllers in the (S) subnet as well in the (B) network. And I will have workstations in the (A) and (B) networks. (B) workstation will have access to the servers in the (S) subnet, but not to the remainder of the (A) network.
Can this be achieved using a Pix (ASA5520) ?
I fear that the Pix is intrinsically a "nating" device and will corrupt "netlogon" frame. (Because it will alter the src/dest for the packet but not the IP addresses inside the frames.)
Is there a way to perform this ? I feel that I only need to have routing + ACL between the two (B) and (S) subnets.
Thanks for any idea
--Richard.