FTD 1010 with dual ISP

Mohamed Abdullah · ‎06-24-2020

Dears i have topology as picture,

i want do divide inside network as from IP (192.168.1.1- 20) get out from ISP1 and other IP (192.168.1.21-200) get out from ISP2

i try the PBR with the help of FlexConfig in this video but not work.

https://www.youtube.com/watch?v=lakHhw9CR5Y

can any one help me?

Rob Ingram · ‎06-24-2020

Hi,

What is your PBR configuration? Please provide screenshots

Mohamed Abdullah · ‎06-24-2020

@Rob Ingram

Rob Ingram · ‎06-24-2020

Is that the full configuration? You don’t appear to have the “match ip address” command under the policy maps.

I assume you’ve applied the configuration to the outside interfaces? The policy-map should be applied to the inside interface.

Mohamed Abdullah · ‎06-24-2020

@Rob Ingram

I dont understand you, can you explain to me?

Rob Ingram · ‎06-24-2020

You need to define the source networks using the "match ip address" command in the policy-map.

Traffic is routed based on the source IP address, you need to apply the policy-map on the inside interface - traffic will then be routed out of the correct outside interface as determined using the PBR policy-map configuration.

Refer to the following links for more information:-

https://www.slideshare.net/redouanemeddane/policybased-routing-using-flexconfig-firepower-threat-defense

https://www.ciscozine.com/pbr-route-a-packet-based-on-source-ip-address/

Mohamed Abdullah · ‎07-05-2020

@Rob Ingram

i apply this configuration and apply it on inside interface but all inside still using one ISP and failover didn't work

Mohamed Abdullah · ‎07-06-2020

HI all,

when I deploy the flex config i get this warning but its deployed without any problem