This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

I need one device to have a specific ip default route to another firewall

I need one device to have a specific ip default route to another firewall

Arison_Mercado
New Contributor II

ā€Ž05-14-2015 02:32 PM

Hi I have a remote site that connects through our hub via LAN and they have their own independent Firewall connection for internet. They communicate to a few devices on our network and everything else is blocked via access-list but they need to have a server on our LAN. Now I need to move their server and host it on our network 172.16.x.x but they need it to use their Firewall for internet access. The only thing I can think of is create an access-list on our Firewall uplink to allow everything but their server and add the server to the access-list that connects to their LAN with addition to add another IP default route inside my hub. Thatā€™s the only thing I can think of at the moment, does anyone have a better solution?

0 Kudos
19 REPLIES 19

Arison_Mercado
New Contributor II

ā€Ž05-14-2015 03:09 PM

Ok, I'll get working on this but I wont have a server until next week. I'll let you know how it went ļ™‚

McClane
Extreme Employee

ā€Ž05-14-2015 03:09 PM

that makes sense
0 Kudos

Arison_Mercado
New Contributor II

ā€Ž05-14-2015 03:09 PM

I'm going to dedicate The SERVERS VLAN on my network for their servers to reside on. I just need to modify the current ACL to let their network communicate with the SERVERS VLAN on my Hub and apply the PBR policy on that vlan to redirect to their network........Does that make any sense?
0 Kudos

McClane
Extreme Employee

ā€Ž05-14-2015 03:09 PM

If you use just the host (/32) as the source the other IPs will not match that ACL, so you don't have to worry about them. But, if that customer server needs to access anything on your hub network that is outside of its local subnet, the policy will need to be modified... I'm assuming it just needs access to servers on its own subnet which would be L2 switched, then anything from this host that hits the L3 gateway would match and follow the ACL.
0 Kudos

Arison_Mercado
New Contributor II

ā€Ž05-14-2015 03:09 PM

Ok, I think I'm getting it. You're basically telling me that the Policy can be entered on the VLAN interface itself and not just a port which is the usual. So once I create it I can enter the specific IP address to redirect its default route to the customers LAN. Also, in this scenario do I have to create a any any entry for the other IP's that I dont list get routed by its usual default route?
0 Kudos
GTM-P2G8KFN