https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3696779#M1004680 <P>Hi,</P> <P>&nbsp;</P> <P>I need to configure an Firepower 2110 so that it has two Ouside interfaces.</P> <P>Offcourse, I will put an Default Gateway route on interface Outside_1 and I wil have all my traffic go this direction. But I need e.g. that my second, Outside_2, interface be an AnyConnect gateway. What options do I have? I assume that FTD doesn't allow two active default routes to two different interfaces.&nbsp;</P> <P>&nbsp;</P> <P>My idea is that I configure an&nbsp;Router with Source and destination NAT on Outside_2 interface so that the FTD only sees that Router on this Interface but this would be just too complicated. Is there any other solutions?</P> <P>&nbsp;</P> <P>Thanks&nbsp;</P> <P>Dejan</P> Fri, 21 Feb 2020 16:09:47 GMT dejan_jov1 2020-02-21T16:09:47Z https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3696779#M1004680 <P>Hi,</P> <P>&nbsp;</P> <P>I need to configure an Firepower 2110 so that it has two Ouside interfaces.</P> <P>Offcourse, I will put an Default Gateway route on interface Outside_1 and I wil have all my traffic go this direction. But I need e.g. that my second, Outside_2, interface be an AnyConnect gateway. What options do I have? I assume that FTD doesn't allow two active default routes to two different interfaces.&nbsp;</P> <P>&nbsp;</P> <P>My idea is that I configure an&nbsp;Router with Source and destination NAT on Outside_2 interface so that the FTD only sees that Router on this Interface but this would be just too complicated. Is there any other solutions?</P> <P>&nbsp;</P> <P>Thanks&nbsp;</P> <P>Dejan</P> Fri, 21 Feb 2020 16:09:47 GMT https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3696779#M1004680 dejan_jov1 2020-02-21T16:09:47Z https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3697201#M1004684 You don't have another option. The source IPs are dynamic and the return<BR />traffic will always go through default gateway. You option isn't too<BR />complicated and commonly used. You can have multi-context deployment and<BR />keep one-context for VPN use while the other one for internet.<BR /> Wed, 29 Aug 2018 17:15:48 GMT https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3697201#M1004684 Mohammed al Baqari 2018-08-29T17:15:48Z https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3716144#M1004685 <P>Hi,</P> <P>&nbsp;</P> <P>I configured PBR over FlexConfig on this Firepower so it solved this problem. The FlexConfig was a little bit tricky to configure but at the end it’s functioning as expected. The issue that I think that I still have here is that the FlexConfig isn’t really supported. From the FMC Configuration Guide:</P> <P>&nbsp;</P> <P>"<SPAN class="searchMark primary">Flex</SPAN><SPAN>Config features may become deprecated at any time. For fully guaranteed feature support, you must wait for&nbsp;</SPAN><SPAN class="ph">Firepower Management Center</SPAN><SPAN>&nbsp;support. When in doubt, do not use&nbsp;</SPAN><SPAN class="searchMark primary">Flex</SPAN><SPAN>Config policies.</SPAN>"</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/flexconfig_policies.html?bookSearch=true#id_39808" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/flexconfig_policies.html?bookSearch=true#id_39808</A></P> <P>&nbsp;</P> <P>I hope the migration from FlexConfig will not be painfull...</P> Mon, 01 Oct 2018 10:32:15 GMT https://community.cisco.com/t5/network-security/ftd-with-two-outside-interfaces/m-p/3716144#M1004685 dejan_jov1 2018-10-01T10:32:15Z