
flexconfig in Cisco FTD

shaikh.zaid22
Level 3

Hi

We have a Cisco FTD configured via FMC.

We have a guest ADSL connection configured via FlexConfig PBR to route the guest subnet 10.10.251.0/24 to the ADSL GW.

Now I have a requirement to exclude 2 IP addresses from the 251 range from the FlexConfig PBR.

Need assistance on how I can achieve it.

 

1 Accepted Solution

8 Replies

balaji.bandi
Hall of Fame

Check this guide (remove the config related to the IP subnet you are looking to remove, so it uses the default route):

 

https://integratingit.wordpress.com/2021/04/18/ftd-policy-based-routing/

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217588-configure-pbr-with-ip-slas-for-dual-isp.html

BB


I am assuming you have an ACL that is matching on the traffic that is to be sent to the guest subnet? If so, then it is just a matter of adding a deny statement at the top of that ACL for the two IPs you want to exclude and then deploying.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

You are correct, I have one subnet in one ACL that is called in to the FlexConfig.

From this same subnet I want to remove/axe two IP addresses so they do not get forwarded towards the ADSL GW.

So shall I just add the two IPs in the same ACL with Action as Block?

 

 

Correct, just add the two IPs in the same ACL with block action, above the permit rule (this is important), and you should be good.

Thanks Marius. I will do as directed.

However, do I not have to touch anything in the FlexConfig part?

Only ACL changes will suffice, right?

Thanks once again

Just the ACL configuration.


Thanks Marius.

It worked.

For PBR, the FlexConfig policy references the ACL, so changing the ACL suffices to change the net behavior of the FlexConfig policy.
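As an added illustration of what the thread describes (not configuration from the original post or from Cisco), this is the ASA-style CLI that FMC would deploy from an Extended ACL object plus a FlexConfig PBR object, with the two deny entries placed above the permit. The object names, the two excluded host addresses, the ADSL gateway address and the interface name are all assumed placeholders, not values from the thread.

```text
! Added example, not the thread's own configuration.
! ACL object GUEST_PBR_ACL (FMC: Objects > Access List > Extended).
! ACLs are evaluated first match, so the two Block entries must sit ABOVE
! the Allow entry; if the permit line came first, the deny lines would
! never be reached and both hosts would still be policy-routed.
! A deny in a PBR match ACL does not drop traffic: it only keeps the flow
! out of the route-map, so those hosts follow the normal routing table.
access-list GUEST_PBR_ACL extended deny ip host 10.10.251.10 any
access-list GUEST_PBR_ACL extended deny ip host 10.10.251.11 any
access-list GUEST_PBR_ACL extended permit ip 10.10.251.0 255.255.255.0 any
!
! FlexConfig object: the route-map references the ACL by name and sends
! matching traffic to the (assumed) ADSL gateway.
route-map GUEST_PBR permit 10
 match ip address GUEST_PBR_ACL
 set ip next-hop 203.0.113.1
!
! FlexConfig object: PBR is applied on the (assumed) guest ingress interface.
interface GigabitEthernet0/2
 policy-route route-map GUEST_PBR
```

Because the route-map only references the ACL by name, editing the ACL object in FMC and deploying is enough; the FlexConfig object itself is unchanged, which is the point made above. After deployment, `show access-list GUEST_PBR_ACL` shows per-entry hit counts, so traffic from an excluded host should increment its deny line rather than the permit line, and `packet-tracer input <guest-nameif> icmp 10.10.251.10 8 0 <external-host>` should show the flow leaving by the routing table's path instead of the PBR next hop.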
