Cisco Support Community

New Member

ip policy


I have a router R1 connected to the Internet via S1 and to a remote site via S0 (both LL).

So as static routes I have:

ip route s1

ip route s0

I configured R1 to direct traffic coming from a remote IP user to a specific host (firewall on the LAN). I used a route-map with an access list:

So:

access-list 10 permit


route-map test permit

match ip address 10

set ip next-hop


int s0

ip policy route-map test


I think there is an implicit deny, but when I use another remote IP address I can usually go to the Internet without passing through the firewall. The debug ip policy says the packet does not match the map, so it uses the default route. I thought R1 must discard the packet because of the implicit deny. Is it normal?


Please reply to


Re: ip policy

Falling through a route map doesn't mean the packet is dropped--it means it is routed based on the routing table, rather than policy routed. Thus, what you need to do is to either filter the packet with an access list, or create a second route map entry matching everything and setting the next hop interface to null0, or something along those lines....
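The two options named in the reply above, written out as an added IOS configuration sketch (not part of the original thread, and not either poster's configuration). The addresses 192.0.2.10 (remote user) and 198.51.100.1 (firewall) are constructed placeholders because the thread's real addresses are not shown; the sequence numbers 10 and 20 are also assumptions.

```cisco
! Constructed placeholder addresses:
!   192.0.2.10   = the one remote user that must be sent to the firewall
!   198.51.100.1 = the firewall on the LAN
access-list 10 permit host 192.0.2.10
!
! Entry 10: policy-route the permitted source to the firewall.
route-map test permit 10
 match ip address 10
 set ip next-hop 198.51.100.1
!
! Option A: a second entry with no match clause matches every remaining
! packet; sending it to Null0 discards it instead of letting it fall
! through to the routing table (and the default route to the Internet).
route-map test permit 20
 set interface Null0
!
interface Serial0
 ip policy route-map test
!
! Option B (alternative to entry 20): filter on the interface itself.
! A standard ACL applied inbound drops every source it does not permit,
! so only 192.0.2.10 is accepted on Serial0 at all.
! interface Serial0
!  ip access-group 10 in
!
! Verification: "show route-map test" lists per-entry policy routing
! match counters, and "debug ip policy" shows whether a packet was
! policy routed, rejected by the map, or sent to Null0.
```

With only entry 10 configured, a packet from any other source does not match the map and is forwarded by the normal routing table, which is the behaviour the original post observed.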


New Member

Re: ip policy

I see, thanks for your explanation.