
Cisco FMC dual home internet connection

loganati
Level 1

Hi everyone!

 

I'm stuck at a point. Can anyone explain to me how to configure Cisco FMC to automatically switch to the second Internet channel when the main one is down?

 

I have this config

 

route Outside_KTC 0.0.0.0 0.0.0.0 188.127.36.49 5 track 3
route Outside 0.0.0.0 0.0.0.0 88.204.132.81 10
route Outside_KTC 8.8.8.8 255.255.255.255 188.127.36.49 1

 

sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface Outside_KTC
num-packets 3
timeout 2000
threshold 2000
frequency 5
sla monitor schedule 1 life forever start-time now

 

Track 3
Response Time Reporter 1 reachability
Reachability is Up
342 changes, last change 15:00:07
Latest operation return code: OK
Latest RTT (millisecs) 70
Tracked by:
STATIC-IP-ROUTING 0

 

NAT:

Manual NAT Policies (Section 3)
1 (inside) to (Outside_KTC) source dynamic NAT_networks interface destination static any_IPv4 any
translate_hits = 15371055, untranslate_hits = 22239611
2 (inside) to (Outside) source dynamic NAT_networks interface description KT Channel
translate_hits = 0, untranslate_hits = 0

 

So, it looks like everything should work fine, at least to me. I emulated the 1st internet channel (Outside_KTC) going down: the SLA went into the down state and the default route changed its direction, but Internet doesn't work over the 2nd channel (Outside) until I disable the NAT rule for the 1st channel. Any idea how to configure it to work automatically? How do I force NAT to perform an IP routing table lookup?

1 Accepted Solution


balaji.bandi
Hall of Fame

FMC is generally a management platform. Dual gateway is handled by edge devices, like the FTD or your Internet edge routers' failover mechanism.

If you are looking to deploy this on FTD, watch the video below:

 

https://www.youtube.com/watch?v=MKcSBTJ55e8

https://integratingit.wordpress.com/2020/08/14/ftd-dual-isp-failover/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


pieterh
VIP

FMC is "just" central management; this will not switch between internet connections.
My suggestion is to also add a "track" to the NAT statement, so the firewall will use the other NAT plus outbound route.

It's obvious, but the configuration to deploy on devices is performed in the FMC.

Any idea how to add a track to a NAT rule in FMC? I can't see this option.


Cisco FTD policy based routing (PBR) with IP SLA using Flexconfig on FMC LinkedIn: https://www.linkedin.com/in/ahmed-shalaby1/

Thanks a lot, the second link was really helpful. You have to use Auto NAT rules, but you can't use the same source objects, so you have to create 2 different network objects with the same address space inside. It works!
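
The fix described in the post above, sketched as an added example that is not part of the original thread: two network objects covering the same inside subnet, each carrying its own Auto NAT rule toward one ISP interface, in place of the Section 3 manual rules. The object names and the 192.168.10.0/24 subnet are assumptions, since the thread does not give the inside address space.

```text
! Before (copied from the thread's "show nat" output, Section 3 manual rules):
!   1 (inside) to (Outside_KTC) source dynamic NAT_networks interface destination static any_IPv4 any
!   2 (inside) to (Outside) source dynamic NAT_networks interface description KT Channel
!
! After: Auto NAT. A network object can hold only one nat statement, so the
! same inside subnet is defined twice under two hypothetical object names.
! 192.168.10.0/24 is a constructed placeholder for the real inside range.
object network INSIDE_NET_VIA_KTC
 subnet 192.168.10.0 255.255.255.0
 nat (inside,Outside_KTC) dynamic interface
!
object network INSIDE_NET_VIA_KT
 subnet 192.168.10.0 255.255.255.0
 nat (inside,Outside) dynamic interface
!
! Tracked default routes, unchanged from the thread:
route Outside_KTC 0.0.0.0 0.0.0.0 188.127.36.49 5 track 3
route Outside 0.0.0.0 0.0.0.0 88.204.132.81 10
```

After deployment, both rules should appear under the Auto NAT section of `show nat`, and the `translate_hits` counter on the rule toward `Outside` should start increasing once track 3 reports reachability down.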

Yes, that is the trick; nice to know it's all working as expected.

BB
