I have a quick question and I was wondering if anyone could help.
I want to create an Internet-only VLAN for our guests, which would save the cost of 4 DSL lines.
For example, our internal network is 172.17.0.0, and I want to create VLAN 161 and assign 192.168.161.0/24 to the "internet only network", with a DFG of 172.17.74.22, which is another set of ASAs, not our internal corporate DFG.
The access-list that I want to create would look like this:
ip access-list extended Guest-internet-only
 ! Permit DHCP requests
 permit udp any host 172.17.74.217 eq bootps
 ! Permit DNS Requests
 permit udp 192.168.161.0 0.0.0.255 host 172.17.74.217 eq domain
 ! Permit access to the B2B Internet firewalls Inside Interface
 permit ip 192.168.161.0 0.0.0.255 host 172.17.74.22
 ! Deny access to all other Internal PFFB Corporate Resources with logging
 deny ip any 172.17.0.0 0.255.255.255 log-input
 ! Permit "ALL" access to the Internet (add "log-input" if we want to see what's going on).
 permit ip any any
Then apply this access-list to the VLAN interface:
interface Vlan161
 ip access-group Guest-internet-only in
The question I have is, how can I policy route 192.168.161.0/24 to the next hop of 172.17.74.22?
Thanks for your help.
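
An added example, not part of the original post: a small Python model of first-match evaluation over the ACL entries posted above, for checking which entry catches a given guest packet before the list is applied. The evaluator, its function names and the sample packets are constructed for illustration, and it models only protocol, address/wildcard and destination port.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")           # IOS "any"
GUEST = ("192.168.161.0", "0.0.0.255")         # guest subnet from the post

def host(ip):
    """IOS 'host X' is X with an all-zero wildcard."""
    return (ip, "0.0.0.0")

# Entries transcribed from the post: (action, protocol, source, destination, dst port)
ACL = [
    ("permit", "udp", ANY,   host("172.17.74.217"), 67),    # bootps
    ("permit", "udp", GUEST, host("172.17.74.217"), 53),    # domain
    ("permit", "ip",  GUEST, host("172.17.74.22"), None),
    ("deny",   "ip",  ANY,   ("172.17.0.0", "0.255.255.255"), None),
    ("permit", "ip",  ANY,   ANY, None),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(proto, src, dst, dport=None):
    """Return (action, entry number) of the first matching entry."""
    for number, (action, p, s, d, port) in enumerate(ACL, start=1):
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, number
    return "deny", 0   # implicit deny at the end of every ACL

if __name__ == "__main__":
    samples = [  # constructed sample packets
        ("udp", "192.168.161.10", "172.17.74.217", 53),
        ("tcp", "192.168.161.10", "172.17.74.217", 53),
        ("tcp", "192.168.161.10", "172.17.10.5", 445),
        ("tcp", "192.168.161.10", "172.16.1.1", 443),
        ("tcp", "192.168.161.10", "8.8.8.8", 443),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

In this model the wildcard 0.255.255.255 makes the deny entry match every 172.x.x.x destination, not only 172.17.x.x, and DNS over TCP to 172.17.74.217 is caught by the deny because only UDP is permitted.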