I have a scenario (diagram attached) where different external vendors will be coming in and accessing our database via a secured MPLS network. We will be using EIGRP between our head end and the remote vendor site routers with the same autonomous number.
Because of business requirements, some vendors are allowed to access other vendors' sites via our VPN cloud, and the end-to-end logical path should be strictly via the firewall. Because EIGRP can route traffic between remote sites, we need to avoid this and push all the routers' ingress traffic towards the firewall. Then the firewall will decide whether to forward the traffic back to the remote site or drop it.
If there is no switch in the middle between the firewall and the router, I can use policy-based routing to push all the remote traffic towards the firewall's IP. But I am lost now.
Can someone suggest how to proceed with this? I have attached a diagram.
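The policy-based routing approach the question mentions, written out as an added example in Cisco IOS syntax (this is illustrative configuration, not taken from the poster's network or diagram). Every address, interface name and ACL number here is a constructed assumption: the head-end router is 10.0.0.1 and the firewall's inside address is 10.0.0.2 on the same subnet 10.0.0.0/24 (the LAN switch between them is layer 2, so the firewall stays a directly connected next hop), the vendor sites use 10.10.0.0/16, and GigabitEthernet0/0 is the interface facing the MPLS cloud. The policy is applied on the MPLS-facing interface, so it catches traffic as it enters the head end, before the EIGRP-learned route to another vendor site is consulted.

```ios
! Interface facing the MPLS provider (EIGRP neighbour side). Assumed name.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! Apply the policy to packets arriving from the vendor sites
 ip policy route-map VENDOR-TO-FW
!
! Interface towards the LAN switch that also hosts the firewall. Assumed.
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
!
! ACL 110: which ingress packets are forced through the firewall.
! Deny entries first, so routing-protocol traffic is left alone; then
! catch everything sourced from the vendor address space, whatever the
! destination (database network or another vendor site).
access-list 110 remark --- do not policy-route EIGRP itself
access-list 110 deny   eigrp any any
access-list 110 remark --- vendor sites (constructed range) -> firewall
access-list 110 permit ip 10.10.0.0 0.0.255.255 any
!
! Route map: matching packets get the firewall as next hop instead of
! the EIGRP-selected path back out towards the other vendor site.
route-map VENDOR-TO-FW permit 10
 match ip address 110
 set ip next-hop 10.0.0.2
!
! Optional: count hits so you can confirm the policy is matching.
! (verify with: show route-map VENDOR-TO-FW)
```

Two points worth checking once this is in place. First, the firewall must not route the permitted vendor-to-vendor traffic straight back to 10.0.0.1 with a source/destination that the same route map would match again; because the policy is only applied on GigabitEthernet0/0, packets returning from the firewall on GigabitEthernet0/1 follow normal EIGRP routing, which is the intended loop-free path. Second, confirm in a lab what the router does with matching packets if 10.0.0.2 becomes unreachable, since that decides whether the design fails closed (traffic dropped) or falls back to plain routing between the vendor sites.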