My network covers central and several branch offices. All connections to regional offices and the internet are through MPLS. Thus some of the private address communication is passed through the ISP router and, together with communication to the internet, it goes to the peer router at their premises, and backwards.
The company has several servers to put in the DMZ zone. I have to administer my own central router - firewall, which is used for VPN communication and some routing functions. My VLANs in the central location are 192.168.20.X - 192.168.40.X.
What I need is a way to separate private from public communication straight after the ISP router. That should be done on my switch 3560.
Therefore it needs to separate private traffic 192.168.x.x (regional offices 192.168.100.x - 192.168.109.x - they are not in the VLAN structure) from the traffic to and from the internet.
Do I need to include some form of routed ports and, on top of that, some input access lists (to put them in different directions)? It sounds complicated and I believe that there might be some simpler way to do that.
My Cisco switch is an L3 3560 with the standard instruction set: Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1).