First post, sorry in advance.
We have a vendor who wants to add a firewall in our network for a portion of the plant that they control. They need access to the internet, and I don't want them to have access to our internal network. I have created a VLAN, and I have verified internet access with a laptop statically assigned in said subnet. I am a little confused about the interconnection.
I created a subinterface on our edge router and tied that VLAN to all switches going back to the switch/switchport that they will plug the FW into. Then I created an ACL on the router denying access to internal IP ranges. Plugging a laptop with a static IP into the switchport where their FW will hook up gets internet access, but once they hook up said FW, it no longer has internet access.
2911(g0/0.VV)--Switch--Switch-(access VLAN VV)--Vendor Firewall.
Say the VV VLAN is 192.168.0.0/24 and the vendor is using 10.10.10.0/24; how can we get this to work? Is it just an issue with their firewall (which they won't let me check out)? I am kind of acting like a service provider in this sense and maybe just overcomplicating it.
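The following is an added example of the kind of subinterface-plus-ACL setup the post describes, written as Cisco IOS configuration for the 2911; it is not the poster's actual configuration. It assumes VLAN 100 stands in for "VV", the router's address on that VLAN is 192.168.0.1, and the internal ranges to protect are the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and the rest of 192.168.0.0/16 (all placeholders). The final deny-and-log line is the diagnostic a practitioner would want: it counts any packet arriving from the vendor port whose source is not in 192.168.0.0/24, which is exactly what un-NATed 10.10.10.0/24 traffic from behind the vendor firewall would look like.

```cisco
! Added example, not the poster's configuration. Placeholders:
!   VLAN 100 = the post's "VV"; 192.168.0.1 = router's address on that VLAN;
!   internal ranges = the RFC 1918 blocks (adjust to the real internal prefixes).
!
! Subinterface that routes for the vendor VLAN only.
interface GigabitEthernet0/0.100
 description Vendor-controlled segment (internet only)
 encapsulation dot1Q 100
 ip address 192.168.0.1 255.255.255.0
 ip access-group VENDOR-IN in
!
! Inbound filter: vendor segment may reach anything except internal address space.
ip access-list extended VENDOR-IN
 remark Block every internal range first, then allow the rest (internet)
 deny   ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.0.255 any
 remark Anything not sourced from the vendor VLAN (e.g. un-NATed 10.10.10.x) lands here
 deny   ip any any log
```

With this in place, `show ip access-lists VENDOR-IN` after the vendor firewall is connected shows which line the traffic is hitting. If the counter on the final `deny ip any any log` line climbs, the firewall is forwarding packets with its inside 10.10.10.0/24 source addresses rather than translating them to its 192.168.0.x outside address; the edge router has no return route for that prefix and, if it is the device doing internet NAT, its NAT inside list would not cover it either. Either the vendor firewall performs NAT to its outside address (the usual arrangement when you act as the "service provider"), or the edge router needs a static route for 10.10.10.0/24 pointing at the vendor firewall's outside address plus the matching entries in the ACL and NAT inside list. If instead the `permit ip 192.168.0.0 0.0.0.255 any` counter climbs and there is still no internet access, the problem is on the return path or inside the vendor device rather than in this ACL.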