I have a need to bridge a B2B DMZ network to a small section of our internal company LAN. I am bridging the networks using a GRE tunnel that terminates at the router servicing the internal LAN segment.
The issue I have is configuring the endpoint router so that traffic exiting the tunnel interface can only be sent out the router interface for the LAN segment, and traffic from the LAN segment interface can only be sent out the tunnel interface.
I believe I can do that using the following configuration:
route-map tu0-to-fa0 permit 10
 match interface tu0
 set interface fa0
!
route-map fa0-to-tu0 permit 10
 match interface fa0
 set interface tu0
!
interface tu0
 description endpoint for GRE Tunnel
 ip policy route-map tu0-to-fa0
!
interface fa0
 description Internal LAN segment
 ip policy route-map fa0-to-tu0
Interface fa0 also has an inbound ACL assigned to it for managing access to other internal network sites. I assume that the ACL will be processed before PBR is applied; is this accurate?
If more information is required, please ask.
Thanks in advance.