Cisco Support Community
Community Member

Using Policy routing to force WAN frame to go through Watchguard Firewall

OK, here's my situation: I have 45-some-odd branch locations, all coming in through Frame Relay. As of right now, they have full access to the Internet because they come in one Serial interface of my 2620 router and out the other to the Internet. Only the HQ is protected by the firewall. I want to use policy routing to force the packets through the firewall so they can be not only protected but monitored as well. Here's a chunk of my config:

interface Serial0/1.XX point-to-point
 ip address 10.XX.XX.XX <- scheme for router
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci XXX

ip nat pool XXX XXX.XXX.XXX.X XXX.XXX.XXX.X netmask
ip nat inside source list 1 pool XXX overload

access-list 101 permit ip any any

route-map XXX permit 10
 match ip address 101
 set ip next-hop XXX.XXX.X.XX <- My Firewall (inside address)

route-map XXX permit 20

Help! I have never used policy routing before!


Re: Using Policy routing to force WAN frame to go through Watchg

You'll want to read through the Policy Routing Whitepaper, located at
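
An added example, not part of the original thread and not the poster's configuration: the posted config defines a route map but never binds it to an interface, so this sketch shows the binding on a branch subinterface together with a narrower match ACL. The route-map name VIA-FW, DLCI 100, every address, and the assumption that all internal networks sit inside 10.0.0.0/8 are constructed placeholders.

```cisco
! Added example. All names and addresses below are constructed placeholders.
! Assumptions: internal space is 10.0.0.0/8, the firewall's inside address
! is 10.0.0.254 and sits on a subnet directly connected to this router.
! NAT statements are left out: whether the router or the firewall should
! translate depends on topology the post does not show.

! Select only traffic leaving the internal address space.
! Branch-to-HQ and branch-to-branch traffic hits the deny line and is
! forwarded by the normal routing table instead of being policy routed.
access-list 101 deny   ip any 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any

! Packets permitted by ACL 101 are handed to the firewall.
! Packets that match no clause fall through to normal routing.
route-map VIA-FW permit 10
 match ip address 101
 set ip next-hop 10.0.0.254

! A route map has no effect until it is bound with "ip policy route-map"
! on the interface where the packets ARRIVE. Policy routing is evaluated
! inbound, so the binding is repeated on every branch subinterface.
interface Serial0/1.100 point-to-point
 ip address 10.1.100.1 255.255.255.252
 no ip directed-broadcast
 ip policy route-map VIA-FW
 frame-relay interface-dlci 100

! Verification from exec mode (not configuration commands):
!   show ip policy          lists each interface and its bound route map
!   show route-map VIA-FW   shows the clauses and policy-routing match counters
```

If the match counters in `show route-map` stay at zero while branch users still reach the Internet, the traffic is bypassing the policy, which usually means a subinterface is missing the binding.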
