It's the first time I post here, so not sure if this is the right place.
I have 2 L3 switches configured in HSRP. 1 of them has a link to a firewall.
My goal is this:
VL50 Local 1 traffic (10.200.50.0/24) .1 is HSRP virtual IP .4 is Firewall IP
VL60 Local 2 traffic (10.200.60.0/24) .1 is HSRP virtual IP .4 is Firewall IP
VL80 DMZ (10.200.80.0/24) .1 is HSRP virtual IP .4 is Firewall IP
VL50<>VL60 should go through an ACL on the VLAN interface to filter traffic. In case the firewall connection is cut, this will keep working.
VL50<>DMZ traffic is routed to the firewall
The end devices have the HSRP virtual IP as default gateway.
I thought that if I make an ACL that defines all traffic with destination DMZ or web traffic and apply a route-map to it to forward it to the .2 (firewall IP), it would work.
It doesn't and I don't really know why, any advice?
Extended IP access list 2150
10 permit ip 10.200.50.0 0.0.0.255 10.200.80.0 0.0.0.255
20 deny ip 10.200.50.0 0.0.0.255 10.0.0.0 0.255.255.255
30 deny ip 10.200.50.0 0.0.0.255 172.16.0.0 0.15.255.255
40 deny ip 10.200.50.0 0.0.0.255 192.168.0.0 0.0.255.255
50 permit ip 10.200.50.0 0.0.0.255 any
route-map TEST permit 10
 match ip address 2150
 set ip next-hop 10.200.50.4
Local traffic seems to work well, but the PBR doesn't work at all.
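As an added illustration (not part of the original post or any vendor code), the following Python re-creates ACL 2150 and route-map TEST with IOS wildcard-mask and first-match semantics, so you can check which VL50 flows would be policy-routed to 10.200.50.4 and which fall back to normal routing. The ACL entries and sample addresses are transcribed or constructed from the post; nothing here talks to a switch.

```python
import ipaddress

# ACL 2150 as posted: (action, src, src_wildcard, dst, dst_wildcard).
# "any" is expressed as 0.0.0.0 with wildcard 255.255.255.255.
ACL_2150 = [
    ("permit", "10.200.50.0", "0.0.0.255", "10.200.80.0", "0.0.0.255"),
    ("deny",   "10.200.50.0", "0.0.0.255", "10.0.0.0",    "0.255.255.255"),
    ("deny",   "10.200.50.0", "0.0.0.255", "172.16.0.0",  "0.15.255.255"),
    ("deny",   "10.200.50.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("permit", "10.200.50.0", "0.0.0.255", "0.0.0.0",     "255.255.255.255"),
]

# route-map TEST: (clause action, sequence, ACL, next hop) as posted.
ROUTE_MAP_TEST = [("permit", 10, ACL_2150, "10.200.50.4")]


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & mask) == (b & mask)


def acl_lookup(acl, src: str, dst: str) -> str:
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def pbr_next_hop(src: str, dst: str):
    """Next hop the route-map would set, or None for normal routing.

    A 'deny' in the matched ACL (or no match) means the packet is NOT policy
    routed and simply follows the routing table. Note that a route-map only
    acts on packets entering an interface that has 'ip policy route-map TEST'
    applied; it never affects traffic the switch itself originates.
    """
    for clause_action, _seq, acl, next_hop in ROUTE_MAP_TEST:
        if acl_lookup(acl, src, dst) == "permit":
            return next_hop if clause_action == "permit" else None
    return None


if __name__ == "__main__":
    # Constructed sample flows from a VL50 host and a VL60 host.
    for src, dst in [("10.200.50.10", "10.200.80.4"), ("10.200.50.10", "10.200.60.4"),
                     ("10.200.50.10", "8.8.8.8"), ("10.200.60.10", "8.8.8.8")]:
        print(f"{src} -> {dst}: next-hop {pbr_next_hop(src, dst) or 'normal routing'}")
```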