
Route-map in PBR not working

I am trying to route all traffic from a PC to an alternative firewall for all internet traffic, but the policy does not appear to be working.

The PC sits in VLAN 100 and has an IP address of

Both internet firewalls sit in VLAN 200, the primary is and the secondary is

The GLR on the switch points to but all internet traffic from the PC (traffic entering VLAN 100) should be sent to the secondary device (

I have created an access list to define the traffic, created the route map and applied it

access-list 30 permit

ip route-map REROUTE permit 10

#match ip address 30

#set ip next-hop

interface vlan 1000

(config-if)# ip policy route-map REROUTE

What am I missing???



Is the machine being routed to

Was it a typo that you entered the policy route-map on interface vlan 1000?

Can you get to from VLAN 100? Does the Firewall on have a route knowing how to return your traffic?


1. The machine is being routed to the GLR ( but the route-map should redirect to

2. Yes, 1000 was a typo

3. Yes, traffic can route between VLANs

When you have the configuration in place for the route-map and you send traffic from to the secondary Firewall, you said is being routed to the primary Firewall. The route-map is not taking effect.

There are no access-lists denying the communication between the PC and the secondary Firewall?


there are no access-lists denying access.. the traffic is being sent to the GLR with all the other traffic instead of being re-routed.

Just for testing purposes, if you create a static route to the second firewall does it work?

For example,

ip route network_behind_second_firewall mask

This will route all traffic to (not only from that's why I say that is a test just to see if the problem is only the route-map.

If it works, does the route-map show as active?

sh route-map all
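
For reference, a complete policy-based routing configuration of the kind discussed in this thread, with the checks that show whether the policy is being hit. This is an added example, not a configuration posted by anyone in the thread; the addresses are constructed placeholders from documentation ranges, since the thread's own addresses are not shown.

```cisco
! Constructed addresses (assumptions, not values from the thread):
!   PC in VLAN 100 ................ 192.0.2.10
!   secondary firewall in VLAN 200  198.51.100.2
!
! Standard ACL: matches on source address only, so it selects
! everything this one PC sends.
access-list 30 permit host 192.0.2.10
!
! The route-map is created in global configuration mode.
route-map REROUTE permit 10
 match ip address 30
 ! The next hop must be directly reachable from the switch.
 set ip next-hop 198.51.100.2
!
! PBR is evaluated where the traffic ENTERS the router, so the
! policy goes on the SVI of the PC's VLAN, not the firewalls' VLAN.
interface Vlan100
 ip policy route-map REROUTE
!
! Verification, from exec mode:
!   show ip policy
!       lists each interface with a policy applied and the
!       route-map name; Vlan100 / REROUTE should appear
!   show route-map REROUTE
!       shows the match and set clauses plus the
!       "Policy routing matches" packet counter, which should
!       increase while the PC is sending traffic
```

If `show ip policy` lists the interface but the match counter stays at zero, the traffic is not arriving on that interface or is not matching ACL 30; if the counter increases and the traffic still leaves via the default route, check that the next hop is reachable.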