Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2175
Views
0
Helpful
8
Replies

FTD-PBR

Mahendervyas35821
Level 1
Level 1

‎02-09-2021 07:52 AM

Hello Community

i am tryig to do PBR flex config in my lab environment . 

1. I have 2 internal subnets 10.1.1.0 /24 and 192.168.1.0/24 

2. i want 10.1 should take isp-1 and 192.168 should take ISP-2

3. did extended ACL and tried Flex config , but getting error while save Flex-config-object . 

attached errors in attachment . 

Thanks in advance for any support or suggestions . 

 

Preview file
101 KB
Preview file
143 KB
0 Helpful
8 Replies 8

Rob Ingram
VIP
VIP

‎02-09-2021 08:10 AM

Hi @Mahendervyas35821 

Route-map object creation in the FlexConfig object is blocked, but you can use route map objects defined in the object manager inside the template as variables.

 

Follow the instructions in the "How to configure Policy Based Routing" section.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/flexconfig_policies.html#reference_dhf_dyj_yx

 

0 Helpful

Mahendervyas35821
Level 1
Level 1
In response to Rob Ingram

‎02-09-2021 08:24 AM

Hi Rob , 

I followed this video on how to do . 

https://www.youtube.com/watch?v=lakHhw9CR5Y&t=285s

 

iam not sure if i missed anything . as you said Route-map object creation is blocked how can i unblock this . 

Sorry if i asked something wrong .

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-09-2021 08:20 AM

not sure variable splitting some errors, make sure there is no space or extra characted added.

follow below video step by step :

 

https://www.youtube.com/watch?v=lakHhw9CR5Y

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mahendervyas35821
Level 1
Level 1
In response to balaji.bandi

‎02-10-2021 01:31 AM

hi @balaji.bandi 

Followed exact same steps , iam not sure why this error throwing .

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Mahendervyas35821

‎02-10-2021 03:23 AM

Not sure what version of FTD, may be old one dont like some syntax, as suggested, ratgher calling variable use direct command and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎02-09-2021 09:04 AM

Hi,

Not sure what version you are using but its a version that support PBR then
flex config PBR won't be accepted.

See this.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html


***** please remember to rate useful posts
0 Helpful

Mahendervyas35821
Level 1
Level 1
In response to Mohammed al Baqari

‎02-10-2021 01:28 AM

Hi @Mohammed al Baqari  ,

 iam using ftd 6.2.0 and fmc also 6.2.0

 

is there any docs to check which version support flex config with pbr . 

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to Mahendervyas35821

‎02-10-2021 02:08 AM

Hi,

6.2 doesn't support PBR of the box so flex should be working. Instead of
using variables '$' can you use absolute names and see if it works.

**** please remember to rate useful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card