First, I need to determine what traffic needs to go where. I have two firewalls here, in parallel with each other. So, what traffic do I want to go to the first firewall, and what do I want to go to the second firewall? Well, let's define our traffic:
Access-list 170 says this: any traffic sourced from 192.168.41.0 and 192.168.137.0 and destined to any network is our target traffic. Also, I DON'T want any traffic sourced from 10.0.0.0 networks and destined for 192.168.2.0 networks to be a part of this, or any other traffic (specified by the deny ip any any). Keep in mind that in an ACL referenced by a route-map, a deny does not drop the packet. It only means the packet is not matched by that route-map entry, and a packet that no entry matches is forwarded by the normal routing table.
access-list 170 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
access-list 170 permit ip 192.168.41.0 0.0.0.255 any
access-list 170 permit ip 192.168.137.0 0.0.0.255 any
access-list 170 deny ip any any
My second access-list is 171. It is similar to the one above, but for different networks.
access-list 171 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
access-list 171 permit ip 192.168.129.0 0.0.0.255 any
access-list 171 permit ip 192.168.130.0 0.0.0.255 any
access-list 171 deny ip any any
Now, the route-map. The first three lines of the route-map LoadBal refer to access-list 170. Any traffic that matches ACL 170 (the permits) is sent to the next hop 192.168.190.254. In the second set of three, anything that matches ACL 171 is sent to 192.168.190.253 (again, the permits only).
route-map LoadBal permit 10
 match ip address 170
 set ip next-hop 192.168.190.254
route-map LoadBal permit 20
 match ip address 171
 set ip next-hop 192.168.190.253
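Now, we have to apply this route-map to an interface. Really easy to do. Just reference the route-map name, which you gave in the first line and fourth line above. The command is entered in interface configuration mode, on the interface where the traffic arrives at the router.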
ip policy route-map LoadBal
That's it. Can you imagine how complex you can get with this? Literally, your imagination is the limit.
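To check which firewall a given flow will be steered to before applying the policy, the ACLs and route-map above can be evaluated offline. This is an added example, not part of the original post; the function names (parse, next_hop) are hypothetical, and it models only the entry forms used here (ip entries with an address/wildcard pair or any), not next-hop reachability.

```python
import ipaddress
# Config text copied from the post; everything else is illustrative.
CONFIG = """\
access-list 170 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
access-list 170 permit ip 192.168.41.0 0.0.0.255 any
access-list 170 permit ip 192.168.137.0 0.0.0.255 any
access-list 170 deny ip any any
access-list 171 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
access-list 171 permit ip 192.168.129.0 0.0.0.255 any
access-list 171 permit ip 192.168.130.0 0.0.0.255 any
access-list 171 deny ip any any
route-map LoadBal permit 10
match ip address 170
set ip next-hop 192.168.190.254
route-map LoadBal permit 20
match ip address 171
set ip next-hop 192.168.190.253
"""

_ip = lambda s: int(ipaddress.IPv4Address(s))
def _spec(tok, i):
    # 'any' or 'addr wildcard' -> ((addr, care_bits), index of next token)
    if tok[i] == "any":
        return (0, 0), i + 1
    return (_ip(tok[i]), ~_ip(tok[i + 1]) & 0xFFFFFFFF), i + 2

def parse(text):
    acls, clauses = {}, []
    for tok in map(str.split, text.splitlines()):
        if tok[:1] == ["access-list"]:
            src, i = _spec(tok, 4)
            acls.setdefault(tok[1], []).append((tok[2], src, _spec(tok, i)[0]))
        elif tok[:1] == ["route-map"]:
            clauses.append({})
        elif tok[:1] == ["match"]:
            clauses[-1]["acl"] = tok[3]
        elif tok[:1] == ["set"]:
            clauses[-1]["hop"] = tok[3]
    return acls, clauses

def next_hop(src, dst, acls, clauses):
    # Policy next hop, or None when the packet falls back to normal routing.
    for c in clauses:
        for action, (sa, sm), (da, dm) in acls[c["acl"]]:
            if (_ip(src) ^ sa) & sm == 0 and (_ip(dst) ^ da) & dm == 0:
                if action == "permit":
                    return c["hop"]
                break  # ACL deny: clause not matched, try the next clause
    return None
```

A result of None means the flow is not policy-routed and goes wherever the routing table sends it, which is the case to look for when a network was expected to pass through one of the firewalls.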