07-10-2015 01:30 AM - edited 03-05-2019 01:51 AM
Hello Community,
Here's the scenario:
Recently, we have subscribed to a second internet line from a different ISP on top of our existing line.
Let's name them ISP1 (existing) and ISP2 (new).
Problem:
Now, I am being tasked to do policy based routing.
E.g.: HR and IT dept, when accessing http/https, are to go through ISP2.
And so, I googled and it led me to PBR:
What I have done:
ciscoasa(config)# access-list testacl permit ip 172.16.0.0 255.255.0.0
ciscoasa(config)# route-map testmap permit 1
ciscoasa(config-route-map)# match ip address testacl
ciscoasa(config-route-map)# set ip default next-hop <ISP2 Router LAN IP>
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-route-map)#
I am stuck.. :(
Is there anyone out there who has the same scenario as myself? Would appreciate it if anyone could guide me please.
Thank you very much.
07-10-2015 04:56 AM
Hi, do you get the same results if you use just set ip next-hop without default?
For what you're trying to do as well, you need to tweak that ACL, which will send all traffic to the next hop, not just http/https.
You need to add eq 80 and 443 at the end so only that type of traffic goes to ISP2.
07-11-2015 11:09 AM
It would help if the original poster would tell us what version of code is running on this ASA. Note that support for PBR was added in 9.4 and anything earlier would not support the set command in the route map.
HTH
Rick
07-12-2015 06:10 PM
This is my ASA version from show run.
ASA Version 9.3(1)
Does that mean that PBR is not supported in 9.3(1)?
Do I need to upgrade my ASA to 9.4 in order to use the PBR feature?
07-12-2015 07:59 PM
I believe that the answer is that yes PBR is not supported in 9.3(1) and that you do need to upgrade to at least 9.4 to use the PBR feature.
HTH
Rick
07-12-2015 08:01 PM
Alright, thank you. I'll post if I need help again (once I upgrade to 9.4).
07-13-2015 11:21 PM
Okay, I have upgraded my ASA to 9.4(1) and my ASDM to 7.4(3)
For a start I would like to test PBR for my IP 192.168.1.111.
Requirements: For Http/https traffic, only my IP will be routed to ISP2 instead of ISP1. These are my commands:
1. ciscoasa(config)# access-list testacl permit ip 192.168.1.111 255.255.255.255 (what should I put as destination?) do I put "any" here?
2. Next, I will create a route map:
ciscoasa(config)# route-map testmap permit 10
ciscoasa(config-route-map)# match ip address testacl
ciscoasa(config-route-map)# set ip default next-hop <is this the ISP2 Router LAN IP?>
3. Do I need to set DF or DSCP?
4. Set the ISP2 outside interface to bind to the route map
interface physical_interface
ciscoasa(config)# interface GigabitEthernet0/4
ciscoasa(config-if)# policy-route route-map testmap
I tried the commands above, but when I googled "What is my IP address" I am still seeing the IP address from ISP1
So, what am I doing wrong?
07-14-2015 12:10 AM
I would debug ip policy to see what's happening when you come from the source IP that's supposed to be matched. You can use a standard ACL in PBR as well if you don't need to use an extended one.
Also, running a traceroute is a better way to see whether it gets redirected when it hits the interface where the policy is set.
As well, some routers, depending on IOS hardware, use fast-switched instead of process-switched PBR. Process-switched PBR does not support certain set commands such as set ip default next-hop, but it does support set ip next-hop. Not sure if it's the same for ASAs, but you could try both.
07-14-2015 10:31 AM
I have several comments about this:
- Note that this is being done on an ASA and not on an IOS router. So fast switching/process switching/CEF switching is not an issue here.
- there are several problems in the proposed logic for PBR:
_ the proposed ACL is permitting ip but the suggested requirement was to forward http/https. So the ACL needs to be extended and should permit tcp eq 80 and tcp eq 443. Permitting any destination probably makes sense.
_ in the route map I would suggest set ip next-hop rather than set ip default next-hop (though it may work with either of these alternatives, but I think that set ip next-hop is more sure to affect the traffic). And the address specified would be the IP address of the ISP router that connects to you and probably not its LAN IP.
_ setting DF or DSCP is optional and I would suggest that you not bother with these options. It should work ok without either.
_ The policy is set on the interface where the traffic arrives (your inside interface) and not on the interface connecting to the ISP.
Fix these issues and let us know if it works better.
HTH
Rick
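Putting Rick's four corrections together, here is an added example of the resulting ASA 9.4 configuration for the original poster's test host; it is not configuration from the thread. It assumes the inside interface is GigabitEthernet0/0 with nameif "inside", that 203.0.113.1 is a constructed placeholder for the ISP2 router address facing the ASA, and that ACL and route-map names pbr_isp2 are chosen here.

```cisco
! Added example, not from the thread. Assumptions: inside interface is
! GigabitEthernet0/0 (nameif "inside"); 203.0.113.1 is a constructed
! placeholder for the ISP2 router's address on the link to the ASA.
!
! 1. Extended ACL: match only HTTP/HTTPS from the test host to any destination
!    (not "permit ip", which would steer all of the host's traffic to ISP2)
access-list pbr_isp2 extended permit tcp host 192.168.1.111 any eq www
access-list pbr_isp2 extended permit tcp host 192.168.1.111 any eq https
!
! 2. Route map: forward matching traffic to the ISP2 router (set ip next-hop
!    rather than set ip default next-hop, as Rick suggests; both worked for the OP)
route-map pbr_isp2 permit 10
 match ip address pbr_isp2
 set ip next-hop 203.0.113.1
!
! 3. Apply the policy on the interface where the traffic ARRIVES (inside),
!    not on the ISP2-facing interface (GigabitEthernet0/4 in the thread)
interface GigabitEthernet0/0
 policy-route route-map pbr_isp2
!
! 4. Verification from exec mode (constructed destination 198.51.100.10): the
!    packet-tracer output shows the PBR lookup phase and the chosen egress
!    interface, so the result can be checked before using a "what is my IP" site
! packet-tracer input inside tcp 192.168.1.111 40000 198.51.100.10 443
```

This also assumes a NAT rule already exists for traffic leaving through the ISP2 interface; without one, policy-routed packets would reach ISP2 with untranslated private source addresses.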
07-14-2015 07:35 PM
Spot on! After setting the policy on my inside interface (it was on my outside interface previously), my PBR works!
I have also changed from default next-hop to next-hop. (Both ways work.)
I'll have more questions, but I'll start another thread on it.
Thank you very much!
07-14-2015 07:56 PM
Thanks for the update. Yes it is an important part of PBR (and one that new users frequently miss) that the route map is applied on the interface where the traffic arrives and not on the outbound interface. Here is the way that I think about it and keep straight which interface to use. If we apply the route map to the inbound interface then the route map evaluates the traffic before we make a routing decision and we are able to apply policy to the routing decision. If we were to apply the route map to the outbound interface then the route map could evaluate the traffic only after the routing decision has been made (and the outbound interface selected) and that is too late to apply policy to the routing decision.
It is good to know that both set ip next-hop and set ip default next-hop work.
I hope that you do have more questions and that you will continue to be active in these forums. They are wonderful places to learn more about networking.
Congratulations on finding the solution to this problem. I am glad that our suggestions were able to guide you to this solution.
HTH
Rick