FTD with multiple WAN connections - how can I control Identity NAT out each interface?

newbieftd
Level 1

We have (2) networks (C's), publicly accessible. I am trying to place 1-to-1 (or identity NAT) on both interfaces, but routing forces everything out my lowest metric, and I do not want an ECMP (load balanced) config.

i.e.

Routes metric 1 [int 1/1] - GW 1.1.1.1/24

Routes metric 2 [int 1/2] - GW 2.2.2.1/24


Internal 192.168.0.5 [int 1/12] <--> External IP: 1.1.1.5/24 [int 1/1] (to/from bi-directional NAT) 

Internal 192.168.0.6 [int 1/12] <--> External IP: 2.2.2.5/24 [int 1/2] (to/from bi-directional NAT) 

Traffic/NATing on int 1/1 is fine (multiple 1-to-1 NAT rules)


For int 1/2 - capturing the traffic on the FTD, it is routed inbound fine, but on the return it does a route lookup instead of going back out int 1/2, so packets are dropped.


TIA -

2 Replies

newbieftd
Level 1

Digging around, looks like I may want/need to use Policy Based Routing (PBR), or Managed Virtual Router -

Sound right?

Any good documentation on this?

balaji.bandi
Hall of Fame

YES, PBR is the right way to go to send traffic to the respective WAN/ISP interface, so that it will be NATed based on the ISP address.

BB
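What the PBR-plus-static-NAT combination from the thread looks like in ASA-style syntax (the form FTD shows in `show running-config`), as an added example and not any poster's configuration: it assumes interface names inside/outside1/outside2 and that on FTD the equivalent is built in FMC (PBR page or FlexConfig, depending on release) rather than typed in.

```cisco
! Interfaces (names are assumed; the thread only gives slot/port numbers)
interface GigabitEthernet1/1
 nameif outside1
 ip address 1.1.1.2 255.255.255.0
interface GigabitEthernet1/2
 nameif outside2
 ip address 2.2.2.2 255.255.255.0
interface GigabitEthernet1/12
 nameif inside
 ip address 192.168.0.1 255.255.255.0

! Default routes: metric 1 via ISP1, metric 2 via ISP2 (no ECMP, ISP2 is backup only)
route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
route outside2 0.0.0.0 0.0.0.0 2.2.2.1 2

! 1-to-1 static NAT, one rule per WAN interface
object network HOST-A
 host 192.168.0.5
 nat (inside,outside1) static 1.1.1.5
object network HOST-B
 host 192.168.0.6
 nat (inside,outside2) static 2.2.2.5

! PBR on the inside interface: pin each host's egress (including replies to
! inbound connections) to the ISP whose public address it is NATed to,
! instead of letting the route lookup send both out the metric-1 path.
access-list PBR-ISP1 extended permit ip host 192.168.0.5 any
access-list PBR-ISP2 extended permit ip host 192.168.0.6 any
route-map WAN-PBR permit 10
 match ip address PBR-ISP1
 set ip next-hop 1.1.1.1
route-map WAN-PBR permit 20
 match ip address PBR-ISP2
 set ip next-hop 2.2.2.1
interface GigabitEthernet1/12
 policy-route route-map WAN-PBR

! The static NAT is bidirectional, so 1.1.1.5 and 2.2.2.5 are reachable from
! the internet; the access control policy must still restrict inbound ports.
```

Verify with `packet-tracer input outside2 tcp 203.0.113.10 12345 2.2.2.5 443` and then a capture on outside2 for the reply: the return packet should leave outside2 with source 2.2.2.5, not be dropped after a lookup toward 1.1.1.1.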
