A customer is offering remote office placement and Internet connectivity for a business partner. The customer has several remote sites which need access to all centralized resources.
Looking at the diagram, the partner will bring in their own Juniper FW, switch & workstations - they need to traverse the corporate WAN and the centralized Internet connection for VPN access (from the remote Juniper to an Internet destination), and normal web/surfing access.
Key: the corporate network must be completely secured, so that the remote site (specifically, the clients behind the Juniper firewall) only has access to the Internet, and nothing on the corporate network. (Again, remote corporate users still need full access to all resources.)
Please advise on a best design practice for this - ACLs, VRFs, etc.
Thanks, and reference docs/links are always appreciated.