xucraig - Thanks for posting your question on the forum!
You are definitely on the right track regarding your configuration. I'm just going to suggest a couple of changes:
- The ACL should actually reference the reverse traffic. Your traffic is hitting the router but is then being sent out the primary connection. In this case the ACL should look like this:
ip access-list extended WAN2-ADMIN-ACCESS
permit ip host Y.Y.Y.Y host X.X.X.X
(where X.X.X.X is where I need to access from and Y.Y.Y.Y is the IP of my second WAN)
- Your route-map needs to be applied to the router locally. This is because admin access traffic is destined to and sourced from the router itself.
ip local policy route-map SECOND-WAN
- You will need to disable the RPF check on the public WAN access-policies:
no ip policy-class <policy-class Name> rpf-check
Please do not hesitate to let us know if you have any questions.
Thanks, Noor, that did the trick!
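The three changes in the answer above can be traced with a small model. This is an added example, not part of the original thread and not AdTran code: it assumes a router whose only route is a default via the primary WAN, a strict reverse-path check, and constructed documentation addresses in place of X.X.X.X and Y.Y.Y.Y.

```python
import ipaddress

# Constructed documentation addresses standing in for X.X.X.X and Y.Y.Y.Y.
ADMIN = ipaddress.ip_address("198.51.100.10")   # X: where admin access comes from
WAN2_IP = ipaddress.ip_address("203.0.113.2")   # Y: router's second-WAN address

# Simplified routing table (assumption): only a default route, via the primary WAN.
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), "WAN1")]

def lookup(dst):
    """Longest-prefix match; returns the egress interface name."""
    matches = [(net.prefixlen, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches)[1]

def rpf_pass(src, in_ifc):
    """Strict reverse-path check: the route back to src must use in_ifc."""
    return lookup(src) == in_ifc

def accept_inbound(src, in_ifc, rpf_check=True):
    """Inbound packet is accepted unless the RPF check is on and fails."""
    return rpf_pass(src, in_ifc) if rpf_check else True

def egress_for_reply(src, dst, acl=None):
    """Router-originated packet: local policy route first, then routing table.
    acl is a (source, destination) host pair; a match sends the packet out WAN2."""
    if acl is not None and (src, dst) == acl:
        return "WAN2"
    return lookup(dst)

def scenario(acl, rpf_check):
    """Admin connects to the WAN2 address; returns (inbound accepted, reply egress)."""
    inbound_ok = accept_inbound(ADMIN, "WAN2", rpf_check)
    reply_out = egress_for_reply(WAN2_IP, ADMIN, acl) if inbound_ok else None
    return inbound_ok, reply_out

if __name__ == "__main__":
    forward_acl = (ADMIN, WAN2_IP)   # matches the request direction only
    reverse_acl = (WAN2_IP, ADMIN)   # matches the reply direction, as in the answer
    for name, acl, rpf in [("no policy route", None, False),
                           ("forward ACL", forward_acl, False),
                           ("reverse ACL, RPF on", reverse_acl, True),
                           ("reverse ACL, RPF off", reverse_acl, False)]:
        print(f"{name:22} (inbound accepted, reply egress) = {scenario(acl, rpf)}")
```

Only the last case returns the reply through WAN2: the ACL has to match router-sourced traffic toward the admin host, and the inbound request has to survive the reverse-path check on the second WAN.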