I have the following setup:
PC --> access switch --> core switch --> isa server --> ASA firewall --> Internet
(The ISA server is a Windows firewall.) My core switch has a default gateway pointing to the ISA server and not the ASA firewall; this is pretty much the standard in the company. However, there are specific devices that need to bypass the ISA and go to the Internet via the ASA alone (no ISA in the routing path). I therefore wish to implement PBR on the core so that traffic from a specific PC would go as follows:
PC --> access sw --> core --> ASA fw
bypassing the ISA server.
I did the following:
! PC is 18.104.22.168
! standard ACL that selects the PC's source address (wildcard 0.0.0.0 = single host)
access-list 1 permit 22.214.171.124 0.0.0.0
! PC VLAN interface; the policy is applied on the ingress SVI
interface vlan 20
 ip address 126.96.36.199 255.255.255.0
 ip policy route-map test
! route-map: traffic matching ACL 1 is sent to the firewall instead of the ISA default gateway
route-map test permit 1
 match ip address 1
 set ip next-hop <fw ip address>
This configuration did not work in the lab environment.
Note that the firewall IP address is on a different VLAN than the PC but is routed within the core switch.
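As an added check (example code, not part of the original post): a small Python script that parses the posted configuration and verifies the things that most often make a PBR like this silently fail: that the PC's SVI actually carries the ip policy, that the PC sits in that SVI's subnet, that the route-map's ACL matches the PC's source address (using IOS wildcard semantics), and that the ACL carries no log keyword, which Catalyst switches cannot policy-route in hardware. The addresses are copied from the post; the redacted firewall next-hop is assumed to be 192.0.2.1.

```python
import ipaddress
# Constructed copy of the post's config; the redacted firewall next-hop is assumed to be 192.0.2.1.
CONFIG = """\
access-list 1 permit 22.214.171.124 0.0.0.0
interface vlan 20
 ip address 126.96.36.199 255.255.255.0
 ip policy route-map test
route-map test permit 1
 match ip address 1
 set ip next-hop 192.0.2.1
"""
PC_IP = "18.104.22.168"  # PC address as given in the post
def wildcard_match(ip, base, wildcard):
    # IOS wildcard semantics: a 1 bit in the wildcard means "don't care"
    ip, base, wc = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    return ip & (0xFFFFFFFF ^ wc) == base & (0xFFFFFFFF ^ wc)
def parse(config):
    # Collect standard ACL entries, SVI subnets and policies, route-map ACL references
    acls, subnets, policy, rmaps = {}, {}, {}, {}
    iface = rmap = None
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[0] == "access-list" and t[2] == "permit":
            wc = t[4] if len(t) > 4 and t[4] != "log" else "0.0.0.0"
            acls.setdefault(t[1], []).append((t[3], wc, "log" in t))
        elif t[0] == "interface":
            iface = " ".join(t[1:])
        elif t[0] == "ip" and t[1].startswith("add") and iface:
            subnets[iface] = ipaddress.IPv4Network(f"{t[2]}/{t[3]}", strict=False)
        elif t[:2] == ["ip", "policy"] and iface:
            policy[iface] = t[3]
        elif t[0] == "route-map":
            rmap = rmaps.setdefault(t[1], {})
        elif t[:3] == ["match", "ip", "address"] and rmap is not None:
            rmap["acl"] = t[3]
    return acls, subnets, policy, rmaps
def check_pbr(config, pc_ip, pc_iface="vlan 20"):
    # Returns the findings that would stop this PBR matching the PC; [] means it should match
    acls, subnets, policy, rmaps = parse(config)
    findings = []
    if pc_iface in subnets and ipaddress.IPv4Address(pc_ip) not in subnets[pc_iface]:
        findings.append(f"{pc_ip} is not inside {subnets[pc_iface]} on {pc_iface}")
    mapname = policy.get(pc_iface)
    if mapname is None:
        return findings + [f"no 'ip policy route-map' on {pc_iface}"]
    entries = acls.get(rmaps.get(mapname, {}).get("acl"), [])
    if not any(wildcard_match(pc_ip, b, w) for b, w, _ in entries):
        findings.append(f"route-map {mapname}: its ACL never matches {pc_ip}")
    if any(log for _, _, log in entries):
        findings.append("ACL uses 'log'; Catalyst hardware PBR cannot match logged ACEs")
    return findings
```

Run against the post's values as written, it reports that the PC address is outside the VLAN 20 subnet and that ACL 1 never matches it; with a consistent host address in both places it returns an empty list.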