I need one device to have a specific ip default route to another firewall
Arison_Mercado
New Contributor II
Hi, I have a remote site that connects through our hub via LAN, and they have their own independent firewall connection for the Internet. They communicate with a few devices on our network and everything else is blocked via access-list, but they need to have a server on our LAN. Now I need to move their server and host it on our network 172.16.x.x, but they need it to use their firewall for Internet access. The only thing I can think of is to create an access-list on our firewall uplink to allow everything but their server, add the server to the access-list that connects to their LAN, and add another IP default route inside my hub. That’s the only thing I can think of at the moment; does anyone have a better solution?

19 REPLIES

Arison_Mercado
New Contributor II
Ok, I'll get working on this, but I won't have a server until next week. I'll let you know how it went.

McClane
Extreme Employee
That makes sense.

Arison_Mercado
New Contributor II
I'm going to dedicate the SERVERS VLAN on my network to their servers. I just need to modify the current ACL to let their network communicate with the SERVERS VLAN on my hub and apply the PBR policy on that VLAN to redirect to their network. Does that make any sense?

McClane
Extreme Employee
If you use just the host (/32) as the source, the other IPs will not match that ACL, so you don't have to worry about them. But if that customer server needs to access anything on your hub network that is outside of its local subnet, the policy will need to be modified. I'm assuming it just needs access to servers on its own subnet, which would be L2 switched; then anything from this host that hits the L3 gateway would match and follow the ACL.

Arison_Mercado
New Contributor II
Ok, I think I'm getting it. You're basically telling me that the policy can be entered on the VLAN interface itself and not just on a port, which is the usual. So once I create it I can enter the specific IP address to redirect its default route to the customer's LAN. Also, in this scenario, do I have to create an any-any entry so that the other IPs I don't list get routed by the usual default route?
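The per-host redirect discussed in the two replies above, written out as an EXOS ACL policy file bound to the VLAN. This is an added example, not configuration from the original thread or from Extreme; it assumes the hub is an EXOS switch and uses made-up values for illustration: server address 172.16.20.50, hub prefix 172.16.0.0/16, customer firewall inside address 10.200.0.1, VLAN name SERVERS and policy name customer_pbr. It goes one step beyond the reply by keeping hub-internal destinations on the normal route ahead of the redirect entry, so the host can still reach the rest of 172.16.0.0/16 without the policy having to be reworked later.

```text
# customer_pbr.pol  (hypothetical policy file; all addresses are assumed)
# Entries are evaluated top to bottom; the first matching entry wins.

# 1. Traffic from the customer server to anything inside the hub stays on
#    the hub's own routing table (permit = forward normally, no redirect).
#    Without this entry the redirect below would also pull hub-internal
#    traffic from this host through the customer firewall.
entry keep_hub_internal {
    if match all {
        source-address 172.16.20.50/32;
        destination-address 172.16.0.0/16;
    } then {
        permit;
        count hub_internal;
    }
}

# 2. Everything else sourced from that one host is handed to the customer
#    firewall's inside interface instead of following the hub default route.
entry redirect_customer_server {
    if match all {
        source-address 172.16.20.50/32;
    } then {
        redirect 10.200.0.1;
        count to_customer_fw;
    }
}

# No catch-all entry is needed: an EXOS ACL has no implicit deny, so packets
# from other hosts match nothing and are routed by the VLAN's usual default
# route. Only the /32 above is affected.
```

Validate and apply with `check policy customer_pbr` and then `configure access-list customer_pbr vlan SERVERS ingress`; `show access-list counter` lets you confirm hits on `hub_internal` and `to_customer_fw` as the two paths are exercised. Two caveats worth checking on your release: the `redirect` next hop has to be resolvable by the switch (a directly reachable address in its ARP table), and when it is not, EXOS forwards the packet normally, which here means the customer server would quietly fall back to the hub's default route and the hub firewall. For that reason the uplink access-list that blocks the server from the hub firewall, as described in the original question, is still worth keeping as a backstop rather than relying on the redirect alone.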