I am trying to configure a rule on my router that will force all port 80 traffic except that which is coming from a specific list of IP addresses. I am currently looking at route-maps. I have not found a way to set up the policy to reference first one then another list and assign a route based on which one made a hit. Since there cannot be more than one policy in effect on any given interface, I cannot simply create one policy and give it a lower numerical value than the other to assign precedence.
Currently I have an ACL with a test IP and a route-map policy that redirects any and all port 80 traffic from said IP to my proxy server. This works fine, but in order to implement it I have to assign the policy to the gateway port for that VLAN. We have a few web servers running on the same VLAN as some of our users' computers and cannot have the traffic from the web servers being run through a proxy server. We are trying to do this without having to restructure our VLANs.
When configuring a route-map I am using the following:

    access-list 168 permit tcp host X.X.X.X any eq 80
    !
    route-map redirect permit 10
     ! 168 is the ACL containing the permission list identifying the IPs that are to be assigned this rule
     match ip address 168
     set ip next-hop X.X.X.X
    !
    interface gi */*
     ip policy route-map redirect
Am I following the wrong track here? I have a default gateway configured and it is correct. I would think that, lacking a hit on the above ACL, it would follow the default gateway.
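An added example (not from the original post) of how a single route-map can exclude the web servers while still catching every other host on the VLAN: the ACL referenced by the route-map evaluates its entries in order, so `deny` lines placed before the `permit` remove the servers from the policy and those packets fall back to the normal routing table and the default gateway. All addresses and the interface name below are placeholders.

```cisco
! Added example, not the original poster's configuration. Placeholders:
!   10.1.1.0/24  - the shared user/server VLAN
!   10.1.1.10/11 - web servers that must NOT go through the proxy
!   10.9.9.5     - the proxy server used as PBR next hop
!
! As posted: only one host is matched, so every other machine on the VLAN
! bypasses the proxy and the web servers are not addressed at all.
access-list 168 permit tcp host 10.1.1.50 any eq 80
!
! Corrected form: deny entries are checked first. A packet from a web
! server hits a deny, the route-map clause does not match, and the packet
! is forwarded by the regular routing table (i.e. the default gateway).
! All remaining hosts on the VLAN hit the final permit and are redirected.
no access-list 168
access-list 168 deny   tcp host 10.1.1.10 any eq 80
access-list 168 deny   tcp host 10.1.1.11 any eq 80
access-list 168 permit tcp 10.1.1.0 0.0.0.255 any eq 80
!
route-map redirect permit 10
 match ip address 168
 ! set ip next-hop expects the proxy to be an adjacent (directly connected)
 ! next hop; confirm reachability before applying the policy.
 set ip next-hop 10.9.9.5
!
interface GigabitEthernet0/1
 ip policy route-map redirect
!
! Verification (read-only show commands, no configuration change):
!   show route-map redirect    - "Policy routing matches" counts only packets
!                                that reached the ACL's permit entry
!   show ip access-lists 168   - per-entry hit counters confirm the server
!                                traffic is landing on the deny lines
```

Because the entire VLAN is now caught by the final `permit`, add a `deny` line for any other host that must keep its normal path (monitoring systems, management hosts) before applying the policy to the gateway interface.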