I have BGP configured and peering is up between FTD and our ISP. Only the default route is getting advertised. I added another network that I want to get advertised, but it's not showing up. I believe the reason for that is that network is not directly connected to the FTD, so it isn't showing up in the FTD routing table. It is a /24 block that we purchased for use with NAT. So, for example, I want mysite.example.com to resolve to one of the IP's within that /24 and for it to get routed back to my FTD so I can NAT that back into my network. In order for the rest of the world to know that the /24 goes back to my FTD, I need that /24 to be advertised, via BGP, out to my ISP. So how do I get an unconnected subnet to be added to the routing table so it gets advertised out with BGP? Hopefully that helps.

Thanks,

Mike

this public network you get from same provider you want to advertise to ?

No, we purchased this block from a broker. It is now registered to us with ARIN. We have another /23 block that we split into two /24's for use at our datacenters. For those, we don't have BGP set up and have the ISP advertise the space for us and route them back to our firewalls. In this instance, we have multiple ISP connection for the site and want to do the advertising of the space ourselves. 

I have tried to add aggregate address but that didn't seem to work either. Perhaps I'm not configuring it correctly. This is the first time I've configured BGP on a FTD.

> show bgp

BGP table version is 7, local router ID is 208.126.235.195
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
r> 0.0.0.0 207.177.5.214 0 5056 i
*> 207.177.5.208/29 0.0.0.0 0 32768 i

> show bgp neighbors 207.177.5.214 advertised-routes

BGP table version is 7, local router ID is 208.126.235.195
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 207.177.5.208/29 0.0.0.0 0 32768 i

Total number of prefixes 1

Hi Jon,

Yes, the concern with using null0 is that the traffic will get dropped.

I didn't think about adding a static route with the exit interface being inside or DMZ. The concern with that is some of the /24 will NAT to the inside and some to the DMZ. So, I'm not sure how that will work. I suppose I could subnet it down and dedicate one half to a route going to inside and the other to the DMZ. I'll give that a shot and reply with the results.

Thanks,

Mike

I dont quite sure here this will work

Config static toward ISP and redistrubte static into bgp.

Note:- aggregate as I mention before need prefix in ftd rib to work' here in your case it will not work sure.

Normally  we advertise lan into ISP not public IP for NAT. 

That why I confuse and ask many times.

Are ISP accept to advertise this public IP? Need to be sure by ask them 

Mike 

Your ISP may not accept anything less than a /24 advertisement but you could still make it work by having a /24 static route pointing out of one of the interfaces and then as you say use more specific routes to direct to the other interface.

You just need the /24 to advertise the BGP prefix. 

Jon