Cisco Support Community
New Member

PBR route maps

Hi, we've just recently changed the way that we route traffic outbound to our organization's firewalls because of increasing load and CPU utilization on our primary firewall handling web traffic. The change was from 100% static routes to the use of route-maps.

My question is this... we currently have several maps that direct traffic to certain next-hop IPs based on IPs/IP blocks and type of traffic, but the last map we have in place is a type of catch-all, gateway-of-last-resort type map. I need to know if this is really needed, as we also still have a static that points 0/0 traffic to a destination?

Another question: Does the router look at and use route maps before any statics in place?

If I'm unclear in any way please let me know so that I can restate my questions.

Thanks in advance.


Hall of Fame Super Blue

Re: PBR route maps

If there is no match in the PBR route-map then the packet will be routed via the normal process, i.e. the routing table. So no, you don't really need a catch-all.

The route-map will be consulted before any routes in the routing table whether they are statics or learnt via a dynamic routing protocol.


New Member

Re: PBR route maps

Thanks Jon. So as long as the default route is in place the route map can go away with no ill effect. The static is as follows:

ip route

and the route-map is as follows:

route-map inet_policy permit 700
 description Gateway of last resort
 match ip address 108
 set ip next-hop

ACL108 is simply a 'permit ip any any' statement to catch all.

Also, do you or anyone else have any experience or knowledge with web caches and the wccp command? I have a couple of follow-up questions if so.

Thanks again.


New Member

Re: PBR route maps

Hi, please create an IP access-list group and call that access-list in the PBR, so that it is easy to route the traffic through the backup firewall.


Re: PBR route maps


The route map is going to forward all traffic to the next hop specified, whether there is a specific route in the routing table for the destination or not. Is that what you want?

A Cisco router will perform PBR before destination-based routing. You must understand this. So, if your expectation is that all traffic will be destined for the Internet, then, yes, you can remove the PBR and allow the default route to take over.
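The lookup order described in the replies above, as an added example that is not part of the original thread: a simplified Python model that applies the route-map before the routing table and reports which flows change next hop when the catch-all entry is removed. All addresses, the sequence-100 entry and the internal route are constructed for illustration, and the ACL match is reduced to a source prefix (an assumption; real ACLs can also match destination, protocol and port).

```python
import ipaddress

# Constructed sample data (documentation address ranges); not from the thread.
ROUTES = [  # (destination prefix, next hop): the normal routing table
    ("0.0.0.0/0", "192.0.2.1"),        # static default toward the firewall
    ("10.20.0.0/16", "10.0.0.2"),      # more specific internal route
]
POLICY = [  # (sequence, source prefix matched by the ACL, set ip next-hop)
    (100, "10.1.0.0/24", "192.0.2.9"),  # selected hosts to a second firewall
    (700, "0.0.0.0/0", "192.0.2.1"),    # catch-all, like 'permit ip any any'
]

def _in(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def table_lookup(dst, routes=ROUTES):
    """Destination-based routing: longest matching prefix wins."""
    hits = [(ipaddress.ip_network(p).prefixlen, nh) for p, nh in routes if _in(dst, p)]
    return max(hits)[1] if hits else None

def forward(src, dst, policy=POLICY, routes=ROUTES):
    """PBR first (lowest sequence that matches); no match falls back to the table."""
    for _seq, src_prefix, next_hop in sorted(policy):
        if _in(src, src_prefix):
            return next_hop, "pbr"
    return table_lookup(dst, routes), "table"

def flows_changed_by_removing(seq, flows, policy=POLICY, routes=ROUTES):
    """Return the flows whose next hop differs once route-map entry `seq` is removed."""
    trimmed = [e for e in policy if e[0] != seq]
    changed = []
    for src, dst in flows:
        before = forward(src, dst, policy, routes)[0]
        after = forward(src, dst, trimmed, routes)[0]
        if before != after:
            changed.append((src, dst, before, after))
    return changed

FLOWS = [("10.1.0.5", "198.51.100.7"),   # matched by sequence 100
         ("10.9.0.5", "198.51.100.7"),   # Internet-bound, only the catch-all matches
         ("10.9.0.5", "10.20.3.4")]      # internal destination with a specific route

if __name__ == "__main__":
    for change in flows_changed_by_removing(700, FLOWS):
        print(change)
```

In this model the Internet-bound flows keep the same next hop after the catch-all is removed, while the flow to the internal prefix stops being forced to the firewall and follows its more specific route instead.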



New Member

Re: PBR route maps

Jon, Victor:

Thank you.