diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index 8d14742..afa04ea 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -358,6 +358,8 @@ route-map firewall->outside permit 1
  match ip address prefix-list fabric
 route-map firewall->outside permit 2
  match ipv6 address prefix-list fabric
+route-map firewall->outside permit 20
+ match ip address prefix-list office
 route-map firewall->outside permit 21
  match ipv6 address prefix-list office
 route-map firewall->outside permit 30
diff --git a/roles/firewall/templates/frr.conf.j2 b/roles/firewall/templates/frr.conf.j2
index 4172131..9d3ba08 100644
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@@ -136,10 +136,11 @@ route-map outside->default permit 10
 route-map outside->default permit 11
  match ipv6 address prefix-list default
-# Send IPv6 office addresses and IPv4 NAT addresses to outside peers
-# so inbound packets go through the firewall.
+# Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
 route-map default->outside permit 1
  match interface lo
+route-map default->outside permit 10
+ match ip address prefix-list office
 route-map default->outside permit 11
  match ipv6 address prefix-list office
 route-map default->outside permit 20
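Review bot: The new `route-map firewall->outside permit 20` entry matches `ip address prefix-list office`, and this hunk does not show whether the exit template defines an IPv4 `ip prefix-list office` alongside the `ipv6 prefix-list office` that sequence 21 already uses; the two families are separate lists in FRR, and as far as I recall a match against an undefined prefix-list is simply a no-match, so the entry would silently export nothing — worth confirming with `show route-map firewall->outside` on a rendered host. Unlike the firewall template, which carries a comment on its `default->outside` map, this map has no note on why office prefixes are exported to outside peers, so a line such as `# Export office prefixes to outside peers so return traffic enters via the firewall` above sequence 20 would document the intent. If the office IPv4 space is private or NATed, the comment should also say why announcing it beyond the firewall is acceptable (for example, that the outside peers are still internal), because this is the kind of advertisement that is easy to misread as an address leak later. The `route-map firewall->outside` definition continues past this hunk.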