Permit and deny clauses, Match and set clause values – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 23 Defining Route Maps
Information About Route Maps
• Each ACL ends with an implicit deny statement, by design convention; there is no similar 
convention for route maps. If the end of a route map is reached during matching attempts, the result 
depends on the specific application of the route map. Fortunately, route maps that are applied to 
redistribution behave the same way as ACLs: if the route does not match any clause in a route map, 
then the route redistribution is denied, as if the route map contained a deny statement at the end.
The dynamic protocol redistribute command allows you to apply a route map. In ASDM, this capability 
for redistribution can be found when you add or edit a new route map (see the 
). Route maps are preferred if you intend to either modify route information during
redistribution or if you need more powerful matching capability than an ACL can provide. If you simply 
need to selectively permit some routes based on their prefix or mask, we recommend that you use a route 
map to map to an ACL (or equivalent prefix list) directly in the redistribute command. If you use a route 
map to selectively permit some routes based on their prefix or mask, you typically use more 
configuration commands to achieve the same goal.
Note
You must use a standard ACL as the match criterion for your route map. Using an extended ACL will 
not work, and your routes will never be redistributed. We recommend that you number clauses in 
intervals of 10, to reserve numbering space in case you need to insert clauses in the future.
This section includes the following topics:
• Permit and Deny Clauses
• Match and Set Clause Values
Permit and Deny Clauses
Route maps can have permit and deny clauses. In the route-map ospf-to-eigrp command, there is one 
deny clause (with sequence number 10) and two permit clauses. The deny clause rejects route matches 
from redistribution. Therefore, the following rules apply:
• If you use an ACL in a route map using a permit clause, routes that are permitted by the ACL are 
redistributed.
• If you use an ACL in a route map deny clause, routes that are permitted by the ACL are not 
redistributed.
• If you use an ACL in a route map permit or deny clause, and the ACL denies a route, then the route 
map clause match is not found and the next route-map clause is evaluated.
Match and Set Clause Values
Each route map clause has two types of values:
• A match value selects routes to which this clause should be applied.
• A set value modifies information that will be redistributed into the target protocol.
For each route that is being redistributed, the router first evaluates the match criteria of a clause in the 
route map. If the match criteria succeed, then the route is redistributed or rejected as dictated by the 
permit or deny clause, and some of its attributes might be modified by the values set from the Set Value 
tab in ASDM or from the set commands. If the match criteria fail, then this clause is not applicable to 
the route, and the software proceeds to evaluate the route against the next clause in the route map. 
Scanning of the route map continues until a clause is found whose match command(s), or Match Clause 
as set from the Match Clause tab in ASDM, match the route or until the end of the route map is reached.
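The clause-by-clause evaluation described above, as an added Python model (not Cisco code and not ASA configuration): it walks the clauses in sequence order, treats an ACL deny as "no match, try the next clause", and denies redistribution when the end of the map is reached. The class and function names, the sample prefixes, the set values, and the simplified prefix-containment ACL match are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class AclEntry:
    action: str   # "permit" or "deny"
    network: str  # prefix the entry covers, e.g. "10.0.0.0/8"

@dataclass
class Clause:
    seq: int
    action: str   # "permit" or "deny"
    acl: list     # standard ACL entries, first match wins
    set_values: dict = field(default_factory=dict)

def acl_permits(acl, route):
    """First matching entry decides; an ACL ends with an implicit deny."""
    net = ipaddress.ip_network(route)
    for entry in acl:
        # Simplification (assumption): an entry matches when the route lies inside its network.
        if net.subnet_of(ipaddress.ip_network(entry.network)):
            return entry.action == "permit"
    return False

def redistribute(route_map, route):
    """Return (redistributed, matching clause seq or None, set values applied)."""
    for clause in sorted(route_map, key=lambda c: c.seq):
        if not acl_permits(clause.acl, route):
            continue  # ACL denied the route: no match, evaluate the next clause
        if clause.action == "permit":
            return True, clause.seq, dict(clause.set_values)
        return False, clause.seq, {}  # ACL permit inside a deny clause: rejected
    return False, None, {}  # end of map reached: redistribution is denied

# Constructed sample shaped like the page's ospf-to-eigrp description: one deny
# clause (sequence 10) and two permit clauses. Prefixes and set values are invented.
ROUTE_MAP = [
    Clause(10, "deny", [AclEntry("permit", "192.168.0.0/16")]),
    Clause(20, "permit", [AclEntry("deny", "10.9.0.0/16"),
                          AclEntry("permit", "10.0.0.0/8")], {"metric": 5000}),
    Clause(30, "permit", [AclEntry("permit", "10.9.0.0/16")], {"tag": 9}),
]

if __name__ == "__main__":
    for r in ("192.168.5.0/24", "10.1.0.0/16", "10.9.1.0/24", "172.16.0.0/12"):
        print(r, redistribute(ROUTE_MAP, r))
```

The third sample route is the case that is easy to misread: the ACL deny in clause 20 does not reject the route, it only skips that clause, so the route is still redistributed by clause 30.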