1. Write extended ACL to deny internal traffic then permit the specific Internet bound traffic.
ip access-list extended PBRlist
deny ip any 192.0.2.0 0.0.0.255
permit ip any any
2. Configure route-map Policy referencing the ACL and specifying the next hop:
route-map policy traffic permit 15
match ip address PBRlist
set next-hop 203.0.113.10
3. Add ip policy route-map to the ingress VLANs to which this must apply.
ip address 192.0.2.14 255.255.255.0 primary
ip policy route-map traffic in