So, with that said, the goal here was to add a route-map on the 3750 cores, and separate the Internet traffic from there, across each company's own firewalls. Ok, so let's look at the route-map.
Ok, here is the access list that determines what happens. I want all traffic coming from 10.10.1.0 and 10.10.2.0 to go out Internet 2, unless the two networks are talking to each other; in that case we don't want the traffic to match the criteria. The first four entries are denies (don't go to Internet 2), followed by the permits, which say to go to the Internet 2 ASA. The last entry denies anything else. In an ACL referenced by a route-map, a deny means the packet is not policy-routed and is forwarded by the normal routing table instead.
access-list 105 deny ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 105 deny ip 10.10.2.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 105 deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 105 deny ip 10.10.2.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 105 permit ip 10.10.1.0 0.0.0.255 any
access-list 105 permit ip 10.10.2.0 0.0.0.255 any
access-list 105 deny ip any any
Now for the route-map. The "match ip address 105" line tells the route-map to use ACL 105 as the matching criteria. If a packet matches, the next hop is set to 10.10.2.2, which is Internet 2.
route-map SBS permit 10
match ip address 105
set ip next-hop 10.10.2.2
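To check the ACL logic before touching the switch, the added example below (not part of the original post) replays ACL 105 and the route-map decision in Python: first match wins, and wildcard bits set to 1 are ignored. The helper names are hypothetical, the test addresses are constructed, and the parser only handles the "ip" entries with "address wildcard" or "any" used on this page.

```python
import ipaddress

# ACL 105 and the next hop exactly as given on the page.
ACL_105 = """\
access-list 105 deny ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 105 deny ip 10.10.2.0 0.0.0.255 10.10.1.0 0.0.0.255
access-list 105 deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 105 deny ip 10.10.2.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 105 permit ip 10.10.1.0 0.0.0.255 any
access-list 105 permit ip 10.10.2.0 0.0.0.255 any
access-list 105 deny ip any any
"""
NEXT_HOP = "10.10.2.2"

def _spec(tokens):
    """Consume one address spec ('any' or 'addr wildcard') -> (base, wildcard)."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, rest = tokens[2], tokens[4:]
        # Tuple elements evaluate left to right: source spec first, then destination.
        entries.append((action, _spec(rest), _spec(rest)))
    return entries

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
    return (addr & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)

def pbr_next_hop(src, dst, entries):
    """Return the policy next hop, or None when the packet is routed normally."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, src_spec, dst_spec in entries:  # first match wins
        if _hit(s, src_spec) and _hit(d, dst_spec):
            return NEXT_HOP if action == "permit" else None
    return None  # nothing matched: no policy routing
```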
Now, let's apply the policy to the vlan we want to implement this on. Let's look at the vlan interface:
description *** Company 2 Network ***
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.1.17
ip policy route-map SBS <--- *** Here is where it is implemented onto the vlan interface ***
standby 102 ip 10.10.2.1
Now, here is the real reason I'm writing this blog: At first, and for the next two or three times, the policy would not apply. AND, it never gave me any indication that it DIDN'T apply. I didn't know why, but it wasn't working. When I went to ipchicken.com, it wouldn't give me the public address of company 2. So, what was wrong? Well, after some research, I found that I had to add a command on the 3750 (and probably any L3 switch, I'm guessing). So, here is what I did:
Switch(config)# sdm prefer routing
I cannot tell you exactly what this "sdm prefer routing" command does at this point, but I have every intention of reading more about this. I know it refers to how resources are allocated within the 3750. Here is what I'm planning on reading: Thanks Cisco for explaining this.
So, after a reload, the 3750s come back up and I am now able to apply the route-map to the interface with the "ip policy route-map" command. Give it a good read. I know I will.