Hi I have a remote site that connects through our hub via LAN and they have their own independent Firewall connection for internet. They communicate to a few devices on our network and everything else is blocked via access-list but they need to have a server on our LAN. Now I need to move their server and host it on our network 172.16.x.x but they need it to use their Firewall for internet access. The only thing I can think of is create an access-list on our Firewall uplink to allow everything but their server and add the server to the access-list that connects to their LAN with addition to add another IP default route inside my hub. That’s the only thing I can think of at the moment, does anyone have a better solution?
I'm going to dedicate The SERVERS VLAN on my network for their servers to reside on. I just need to modify the current ACL to let their network communicate with the SERVERS VLAN on my Hub and apply the PBR policy on that vlan to redirect to their network........Does that make any sense?
If you use just the host (/32) as the source the other IPs will not match that ACL, so you don't have to worry about them. But, if that customer server needs to access anything on your hub network that is outside of its local subnet, the policy will need to be modified... I'm assuming it just needs access to servers on its own subnet which would be L2 switched, then anything from this host that hits the L3 gateway would match and follow the ACL.
Ok, I think I'm getting it. You're basically telling me that the Policy can be entered on the VLAN interface itself and not just a port which is the usual. So once I create it I can enter the specific IP address to redirect its default route to the customers LAN. Also, in this scenario do I have to create a any any entry for the other IP's that I dont list get routed by its usual default route?