Solved: Trunking an ip addressed inside interface on Firepower 2130 - Page 4

jreynolds4 · ‎04-19-2024

My network endpoints use the IP addressed vlans on my core cisco layer three core switch as their gateway addresses. i.e.- vlan 11 endpoint address 192.168.11.3/24 with gateway 192.168.11.1/24 (vlan ip on core) and vlan 12 endpoint address 192.168.12.3/24 with gateway 192.168.12.1/24 (vlan ip on core). These vlans are then interconnected. I am attempting to create a path to the internet using the gateway of last resort out of the switch 0.0.0.0 0.0.0.0 10.2.2.1. 10.2.2.1, security zone "InsideTrunk," is the address of a physical inside interface on my Firepower 2130. I have created Access control policies to allow 192.168.11.0/24 and 192.168.12.0/24 from "InsideTrunk" to Outside on the Firepower. Also, the proper auto NATs for both subnets have been created. The endpoints are unable to reach the internet. All I am trying to do is create a transport network. Does anyone have an idea of what I am missing? I have attached the trunk config from the core switch.

MHM Cisco World · ‎04-25-2024

Not only route' the points that I mention before

In FTD config l3 interface connect to SW give it IP like 100.0.0.1 (any unused IP)

In SW

Interface x/x

No switchport

Ip add 100.0.0.2 /24

No shut

In SW defualt route is enough'

Ip route 0.0.0.0 0.0.0.0 100.0.0.1

In FTD

You can use one or multi object' each object have subnet of one vlan

Route <interface connect SW to FTD> <object of vlan's> 100.0.0.2

Then you sure need NAT

Nat (inside'outside) abd use object you use in route in NAT

That It

Note:- ftd dont have security level so you need ACL allow traffic from and to vpan subnet

MHM