I need one device to have a specific IP default route to another firewall

Hi, I have a remote site that connects through our hub via LAN, and they have their own independent firewall connection for internet. They communicate with a few devices on our network and everything else is blocked via access-list, but they need to have a server on our LAN. Now I need to move their server and host it on our network (172.16.x.x), but they need it to use their firewall for internet access. The only thing I can think of is to create an access-list on our firewall uplink to allow everything but their server, and to add the server to the access-list that connects to their LAN, in addition to adding another IP default route inside my hub. That's the only thing I can think of at the moment; does anyone have a better solution?


Hi Everyone,

So far what I have done is I just added a VLAN on my network that extends there so I can keep the servers within their own subnet. I'm able to get past the ACL that resides on their port uplink, but I cannot default route through it. Is this where I need to apply a PBR somewhere?

My Business HUB           Customer HUB
172.16.0.0/16

Source                    Destination
VLAN A                    Deny
VLAN B                    Permit

Lab address               Permit ANY (Successful)
Ping from                 (Request timed out)

Next step, I would assume, is that I create a PBR ACL under VLAN B that default routes to their firewall? The reason for this is because the VLAN resides on my network?

You have to create the policy with:

edit policy pbr (policy name)

That will open a vi editor.

I attempted to create the PBR policy on the switch but I was unsuccessful because I couldn't figure out the next entry. Please see attachment. PS: I have an X450a series Summit switch.
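As an added example to illustrate the `edit policy` step in the reply above and the missing entry in the last post (this is not from the thread and not taken from Extreme's documentation; the file name, the customer server subnet 172.16.50.0/24 and the customer firewall next hop 198.51.100.1 are assumed placeholders): a policy file in ExtremeXOS ACL syntax that keeps the server's traffic to the hub's 172.16.0.0/16 network on normal routing and redirects everything else from the customer subnet to the customer firewall.

```text
# pbr.pol - assumed file name; this is what "edit policy pbr" would open.
# Entries are evaluated top to bottom; the first matching entry wins.

# Keep the server's traffic to the hub network on the normal routing table.
# Without this entry the redirect below would also shunt traffic meant for
# the hub's devices to the customer firewall.
entry keep_hub_traffic_local {
    if match all {
        source-address 172.16.50.0/24;       # assumed customer server subnet
        destination-address 172.16.0.0/16;   # hub network from the thread
    } then {
        permit;
    }
}

# Everything else from the customer subnet (internet-bound traffic) is handed
# to the customer firewall instead of following the hub's default route.
entry customer_internet_via_customer_fw {
    if match all {
        source-address 172.16.50.0/24;       # assumed customer server subnet
    } then {
        redirect 198.51.100.1;               # assumed customer firewall next hop
    }
}

# Traffic from any other source on the VLAN is left untouched.
entry permit_rest {
    if {
    } then {
        permit;
    }
}
```

After saving, `check policy pbr` validates the syntax and `configure access-list pbr vlan <vlan-name> ingress` applies it to the VLAN carrying the customer server; the redirected traffic still has to be permitted by the existing ACL on the customer uplink, and the next hop must be reachable from the switch.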