High-level current topology layout
Two layer 3 3560 switches and two Cisco ASA 5510 firewalls.
All four devices run OSPF.
One firewall is the primary internet for outbound traffic
The other firewall is the primary internet for inbound traffic such as SMTP, WEB, etc.
All servers are on one vlan 10.0.5.0/24 
The
primary outbound firewall is on its own vlan 192.168.19.0/24 and the
secondary firewall for inbound traffic is on 192.168.18.0/24.
The servers use the 10.0.5.1 for its default gateway which is the Layer 3 switch a Cisco 3560 with the enhanced image. 
The
firewalls are Cisco ASA. The primary FW advertises the default route
with its default metric and the secondary advertises the default route
with its metric higher so it is never used. 
I create a route MAP for the handful of servers that need to send their internet traffic to the inbound firewall 
route-map inbound-internet permit 11
 match ip address 11
 set ip next-hop 192.168.18.2 (the firewall IP Address) 
!
standard IP access list
   20 permit 10.0.5.41
   10 permit 10.0.5.40
   40 permit 10.0.5.49
   30 permit 10.0.5.221
This
works fine but the problem is that now the handful of servers can’t
communicate with the internal network because the Cisco ASA is its
default gateway and the ASA has its own rules when it comes to uturn
traffic. I want all internet traffic to go to the ASA but internal
traffic to stay on the L3 switch. 
The internal networks are on other subnets outside of the server network 10.1.1.x/24. 
I tried creating this route-map but when I applied it the switch generated a log stating it did not support this route-map.
The access-list 101 is the handful of servers with deny to the internal subnets. 
route-map inbound-internet deny 10
 match ip address 101
!
route-map inbound-internet permit 11
 match ip address 11
 set ip next-hop 192.168.18.2
!
 
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map inbound-internet not supported for Policy-Based Routing
Is this a limitation on this platform or am I missing something?
Thanks for everyone’s participation on this post.
Regards,
Juan 

Hi Juan,

As per the error messages it says

Error Message    PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map [chars] not supported for Policy-Based Routing

Explanation    This message means that the route-map attached to an interface for policy routing contains an action that is not supported on this platform. This is a hardware limitation. [chars] is the route-map.

Recommended Action    Reconfigure the route-map to use permit entries and set ip next-hop actions only.

Check out the below link for more information

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/system/message/msg_desc.html#wp119193

Hope to Help !!

Remember to rate the helpful post

Ganesh.H

Juan

PBR on the 3750 does not allow a deny statement with a route-map. However you can use deny statements in the acl so -

access-list 101 deny ip host

where subnet is one of your internal subnets. For all traffic you want to not be policy routed you need to add a line in acl 101. Then just add the ones you do want to be policy routed at the end eg.

you have a server 192.168.5.1 and 3 other internal vlans

vlan 10 = 192.168.6.0/24

vlan 11 = 192.168.7.0/24

vlan 12 = 192.168.8.0/24

you want the server not to be policy routed for the above vlans but policy routed for everything else -

access-list 101 deny ip host 192.168.5.1 192.168.6.0 0.0.0.255

access-list 101 deny ip host 192.168.5.1 192.168.7.0 0.0.0.255

access-list 101 deny ip host 192.168.5.1 192.168.8.0 0.0.0.255

access-list 101 permit ip host 192.168.5.1 any

route-map PBR1 permit 10

match ip address 101

set ip next-hop x.x.x.x

so you can do all you want with one route-map statement. Anything you want not to be policy routed just put it first in the acl as a deny.

Edit - a word of warning though. Any denies in the acl cause the traffic to be processed switched as opposed to hardware switched which can have a significant impact on the switch resources so you need to keep an eye on the switch CPU once you apply the route-map.

Jon