04-19-2024 08:11 AM
My network endpoints use the IP-addressed VLANs on my Cisco Layer 3 core switch as their gateway addresses, i.e. VLAN 11 endpoint address 192.168.11.3/24 with gateway 192.168.11.1/24 (VLAN IP on core) and VLAN 12 endpoint address 192.168.12.3/24 with gateway 192.168.12.1/24 (VLAN IP on core). These VLANs are then interconnected. I am attempting to create a path to the internet using the gateway of last resort out of the switch, 0.0.0.0 0.0.0.0 10.2.2.1. 10.2.2.1, security zone "InsideTrunk," is the address of a physical inside interface on my Firepower 2130. I have created access control policies to allow 192.168.11.0/24 and 192.168.12.0/24 from "InsideTrunk" to Outside on the Firepower. Also, the proper auto NATs for both subnets have been created. The endpoints are unable to reach the internet. All I am trying to do is create a transport network. Does anyone have an idea of what I am missing? I have attached the trunk config from the core switch.
04-25-2024 11:12 AM
Not only route, the points that I mention before:
In FTD, config L3 interface connect to SW, give it IP like 100.0.0.1 (any unused IP)
In SW
Interface x/x
No switchport
Ip add 100.0.0.2 /24
No shut
In SW default route is enough
Ip route 0.0.0.0 0.0.0.0 100.0.0.1
In FTD
You can use one or multi object, each object has subnet of one VLAN
Route <interface connect SW to FTD> <objects of VLANs> 100.0.0.2
Then you sure need NAT
NAT (inside,outside) and use object you use in route in NAT
That's it
Note: FTD doesn't have security level so you need ACL to allow traffic from and to VLAN subnet
MHM
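The checklist in the answer above (routed link to the FTD, switch default route, FTD static routes back to each VLAN, NAT, and an access rule) is easy to verify by walking a flow in both directions. The following is an added example, not code from either poster: it models the topology with the answer's addressing (100.0.0.1 on the FTD, 100.0.0.2 on the switch) as constructed data, does a longest-prefix route lookup on each side, and reports which of the five requirements a given VLAN host fails. `OUTSIDE_NEXT_HOP` is a placeholder, since the thread does not give the FTD's outside gateway; the problem codes and the `check_path` function are this example's own.

```python
import ipaddress

# Constructed model of the topology in this thread: two VLAN SVIs on the L3 core
# switch, a routed point-to-point link to the FTD inside interface (100.0.0.1 on the
# FTD, 100.0.0.2 on the switch, as in the answer), and a default route each way.
# OUTSIDE_NEXT_HOP is a placeholder; the thread does not state the FTD's outside gateway.
SWITCH_TO_FTD = "100.0.0.2"
OUTSIDE_NEXT_HOP = "OUTSIDE_NEXT_HOP"

SWITCH_ROUTES = [
    ("192.168.11.0/24", "Vlan11"),      # connected SVI
    ("192.168.12.0/24", "Vlan12"),      # connected SVI
    ("100.0.0.0/24", "routed-port"),    # the 'no switchport' link to the FTD
    ("0.0.0.0/0", "100.0.0.1"),         # ip route 0.0.0.0 0.0.0.0 100.0.0.1
]

# FTD before the fix: it only knows its connected link and the outside default.
FTD_ROUTES_BEFORE = [
    ("100.0.0.0/24", "InsideTrunk"),
    ("0.0.0.0/0", OUTSIDE_NEXT_HOP),
]

# FTD after the fix: a static route per VLAN object pointing back at the switch.
FTD_ROUTES_AFTER = FTD_ROUTES_BEFORE + [
    ("192.168.11.0/24", SWITCH_TO_FTD),
    ("192.168.12.0/24", SWITCH_TO_FTD),
]

NAT_SUBNETS = ["192.168.11.0/24", "192.168.12.0/24"]   # auto NAT objects
ACL_ALLOWED = ["192.168.11.0/24", "192.168.12.0/24"]   # InsideTrunk -> Outside rules


def lookup(table, dst):
    """Longest-prefix match over (prefix, next hop or interface); None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_via = None, None
    for prefix, via in table:
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_via = net, via
    return best_via


def covered(addr, subnets):
    """True if addr falls inside any of the listed subnets."""
    a = ipaddress.ip_address(addr)
    return any(a in ipaddress.ip_network(s, strict=False) for s in subnets)


def check_path(switch_routes, ftd_routes, nat_subnets, acl_allowed, src, dst="8.8.8.8"):
    """Walk a flow from a VLAN host to the internet and back; return the problem codes found."""
    problems = []
    # 1. Forward: the switch needs a route toward the internet (its gateway of last resort).
    if lookup(switch_routes, dst) is None:
        problems.append("no-switch-default")
    # 2. FTD policy: there is no security level, so an access rule must permit the source,
    #    and an auto NAT rule must translate the private address before it leaves.
    if not covered(src, acl_allowed):
        problems.append("acl-deny")
    if not covered(src, nat_subnets):
        problems.append("no-nat")
    # 3. FTD egress: the firewall needs its own default route toward the outside.
    if lookup(ftd_routes, dst) is None:
        problems.append("no-ftd-default")
    # 4. Return: the reply to src must resolve to the switch side. With only a default
    #    route the lookup for 192.168.x.x resolves to the outside next hop instead,
    #    so the reply never reaches the VLAN even though the request got out.
    if lookup(ftd_routes, src) != SWITCH_TO_FTD:
        problems.append("no-return-route")
    return problems


if __name__ == "__main__":
    for label, routes in (("before", FTD_ROUTES_BEFORE), ("after", FTD_ROUTES_AFTER)):
        for host in ("192.168.11.3", "192.168.12.3"):
            result = check_path(SWITCH_ROUTES, routes, NAT_SUBNETS, ACL_ALLOWED, host)
            print(label, host, result or "ok")
```

Running it shows the asymmetry the answer is pointing at: with the switch's default route alone the forward path is fine, but the FTD has no route for 192.168.11.0/24 or 192.168.12.0/24 toward 100.0.0.2, so every flow fails on the return leg; adding the per-VLAN static routes clears it. A host in a VLAN that was never added as an object (say 192.168.13.0/24) fails the access rule, NAT and return-route checks together, which is the usual symptom when a new VLAN is added to the switch but not to the firewall.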