
FMC Flexconfig PBR

mortezasadeghi
Level 1

I have been adding a route-map via FlexConfig and it worked fine, but when I change some access-list rule, or make any change that is not FlexConfig, and deploy, all the route-map configuration is still in the running-config but the PBR does not work.

If I remove the PBR with a prepend FlexConfig and re-add it, it works well. Also, this procedure is repeated for any change.

 


balaji.bandi
Hall of Fame

Post the config bit. Are you using the same route-map for both PBR?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji

Yes, the route-maps are the same.

 

route-map $PBR-USER permit 10
 set ip next-hop $GW-USER

route-map $PBR-DMZ permit 10
 set ip next-hop $GW-DMZ

route-map $PBR-SRV permit 10
 set ip next-hop $GW-SRV

route-map $PBR-WL permit 10
 set ip next-hop $GW-WL

interface ethernet1/13
 policy-route route-map $PBR-USER

interface ethernet1/11
 policy-route route-map $PBR-DMZ

interface ethernet1/8
 policy-route route-map $PBR-SRV

interface ethernet1/6
 policy-route route-map $PBR-WL

 I change some access-list rule or any change 

What change? Using FMC, that should not make any changes; if you do it manually on the device, that may have an issue.

We are not sure what the variable content is, or what other changes you added. It would be nice to get information after adding the ACL and what the config looks like, so we get a chance to find the reason for what is wrong.

 

https://integratingit.wordpress.com/2021/04/18/ftd-policy-based-routing/

BB


Hi Balaji

For example, I added a new NAT and deployed the configuration to the FTD. After the changes are committed, all PBR stops working, and all configurations for PBR are still present in the running-config.

I guess this is a bug.

NAT on outgoing?

 

BB


Incoming NAT.

Can you post that information?

BB


Which information do you want?

After adding NAT, which broke the system, so I am looking for that syntax.

BB
