Dear All, i have a problem on configuring a PBR to let a server use as next hop a remote site connected by a GRE tunnel. The layout is: LAN ---- (vlan1) Router1 (Tunnel624) ---------GRE---------(Tunnel624) Router2 ---- Internet The objective is to PAT a server (172.18.2.100) located in my LAN on Router2 using his data line. Router 1 config is: interface Tunnel624 ip address 172.26.252.25 255.255.255.252 tunnel source FastEthernet0/0 tunnel destination "public R2 IP address" interface Vlan1 ip address 172.18.2.254 255.255.255.0 ip nat inside ip virtual-reassembly ip policy route-map PBR ip access-list extended PBR permit ip host 172.18.2.100 any log route-map PBR permit 10 match ip address PBR set ip next-hop 172.26.252.26 ! On Router2 the configuration is the following: interface Tunnel624 ip address 172.26.252.26 255.255.255.252 ip nat inside tunnel source Loopback0 tunnel destination "public R1 IP address" ! ! interface FastEthernet0/0 ip address "public R2 IP address" ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable ! ip route 172.18.2.0 255.255.255.0 172.26.252.25 ip nat inside source static tcp 172.18.2.100 80 "public R2 IP address" 80 extendable R2 and the server LAN can communicate perfectly. The problem is that no requests are received by the server if they comes from the "public R2 IP address". On R1 a "debug ip packets" gives the following "access denied" even if no access lists on the involved interfaces are configured. *May 7 12:03:35.683: IP: tableid=0, s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), routed via FIB *May 7 12:03:35.687: IP: s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), len 48, access denied *May 7 12:03:35.687: TCP src=50359, dst=80, seq=1253016140, ack=0, win=8192 SYN Have you any idea? thanks, Paolo