Alrighty, a little misdirected here. Been reading docs for a little while and experimenting around; maybe someone can point me in the right direction.
How do you create a Guest Network in IOS Zone Firewall? For some reason Cisco, while using the term DMZ, applies it differently on their routers than it does on their ASAs. I know how to do this on ASAs all day long; however, on the router it is a little different story.
I would appreciate a little direction even if you reference Cisco documentation on how this is to be done. I am sure this is basic and laughably so .... I can't seem to understand how to do this on a router with Zone Firewall. Thanks in advance.
Edit***1 For some reason I think I might need to create a zone just for guest... still studying up and yet your pointers are still going to be helpful. Thanks!
Edit***2 And again I am dumbfounded how it always never fails that when I am searching around the internets I never find poop, then I post here, and within 3 minutes I find this....
http://packetlife.net/blog/2012/jan/30/ ... -firewall/
Edit***3 And Bingo. I got it and now it all makes sense. I used that tutorial, coupled with my knowledge of ASA OS, and coupled with Cisco Documentation and found how to do this. It was so easy I should slap my mama and call myself silly.
However I still want to ask you security experts if this is a problem. From my LAB GUEST PC (my laptop) connected through my VLAN'd and trunked 2960G switch I can't ping any other (in-zone) aka inside network hosts. However I can ping all of my router's subinterfaces, i.e. Gig 0/0 and Gig 0/1.1 0/1.9 etc... Is there some way I can block pinging from the guest LAN to my "on a stick" routed sub-interfaces? I do not want guest to know that there are other "discoverable" networks they might be able to attempt access at. I do have the firewall zones set up, security policies, etc... working like a charm.
Thanks in advance.
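
On the question above about guest hosts pinging the router's own sub-interfaces: in IOS Zone-Based Firewall, packets addressed to any of the router's own IP addresses belong to the built-in `self` zone, so they are filtered by a zone-pair from the guest zone to `self`, not by the guest-to-inside policy. The following is an added example, not part of the original post; the zone name `GUEST` and the ACL, class-map, policy-map and zone-pair names are assumptions.

```cisco
! Added example (not from the original post). Assumes a security zone
! named GUEST already exists and the guest sub-interface is a member of it.
! All object names below are hypothetical.

! Match ICMP echo requests sent by guest hosts to any destination address.
! Because the policy is bound to a zone-pair ending in "self", it only
! ever sees packets addressed to the router's own interface IPs.
ip access-list extended ACL-GUEST-ECHO
 permit icmp any any echo

class-map type inspect match-all CM-GUEST-ECHO-TO-SELF
 match access-group name ACL-GUEST-ECHO

! Drop pings to the router. Pass everything else in class-default so that
! services the router may offer to guests (for example DHCP or DNS) keep
! working; without this line class-default drops all remaining traffic.
policy-map type inspect PM-GUEST-TO-SELF
 class type inspect CM-GUEST-ECHO-TO-SELF
  drop
 class class-default
  pass

! Bind the policy to traffic from the GUEST zone to the router itself.
! No self-to-GUEST zone-pair is defined here, so replies from the router
! to guests stay permitted by default.
zone-pair security ZP-GUEST-SELF source GUEST destination self
 service-policy type inspect PM-GUEST-TO-SELF
```

After applying it, `show policy-map type inspect zone-pair ZP-GUEST-SELF` shows the drop counters increasing when the guest host pings any router interface. If guests should still be able to ping their own default gateway, add a `deny icmp any host <guest-gateway-ip> echo` line ahead of the `permit` in the ACL.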