12-21-2020 04:47 PM
We have (2) networks (C's), publicly accessible. I am trying to place 1-to-1 (or identity NAT) on both interfaces, but routing forces everything out my lowest metric, and I do not want an ECMP (load balanced) config.
i.e.
Routes metric 1 [int 1/1] - GW 1.1.1.1/24
Routes metric 2 [int 1/2] - GW 2.2.2.1/24
Internal 192.168.0.5 [int 1/12] <--> External IP: 1.1.1.5/24 [int 1/1] (to/from bi-directional NAT)
Internal 192.168.0.6 [int 1/12] <--> External IP: 2.2.2.5/24 [int 1/2] (to/from bi-directional NAT)
Traffic/NATing on int 1/1 is fine (multiple 1-to-1 NAT rules)
For int 1/2 - capturing the traffic on the FTD, it is routed inbound fine, but on the return it does a route lookup instead of going back out int 1/2, so packets are dropped
TIA -
12-21-2020 08:19 PM
Digging around, looks like I may want/need to use Policy Based Routing (PBR), or Managed Virtual Router -
Sound right?
Any good documentation on this?
12-22-2020 12:13 AM
YES, PBR is the right way to go to send traffic to the respective WAN/ISP interface, so that it will be NATed based on the ISP address
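As an added illustration (not the poster's or Cisco's own configuration), the PBR approach above written in ASA/FTD CLI syntax, using the addresses from the original question: the host mapped to ISP2's address is policy-routed to ISP2's gateway on the inside interface, so its replies no longer follow the metric-1 default route. Interface names (inside, outside1, outside2) and object names are assumed; on FTD these lines are deployed from FMC (PBR policy or FlexConfig) rather than typed at the CLI.

```cisco
! Default routes as in the question: ISP1 preferred (metric 1), ISP2 backup (metric 2)
route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
route outside2 0.0.0.0 0.0.0.0 2.2.2.1 2

! Static 1-to-1 NAT, one rule per ISP-facing interface
object network HOST_5
 host 192.168.0.5
object network HOST_5_ISP1
 host 1.1.1.5
object network HOST_6
 host 192.168.0.6
object network HOST_6_ISP2
 host 2.2.2.5
nat (inside,outside1) source static HOST_5 HOST_5_ISP1
nat (inside,outside2) source static HOST_6 HOST_6_ISP2

! PBR on the inside interface (Gi1/12): anything sourced from 192.168.0.6
! is sent to ISP2's gateway, so it egresses Gi1/2 and is translated to 2.2.2.5.
! Hosts not matched by the ACL keep using the normal routing table (ISP1).
access-list PBR_TO_ISP2 extended permit ip host 192.168.0.6 any
route-map PBR_TO_ISP2 permit 10
 match ip address PBR_TO_ISP2
 set ip next-hop 2.2.2.1
interface GigabitEthernet1/12
 policy-route route-map PBR_TO_ISP2
```

After deploying, `packet-tracer input inside tcp 192.168.0.6 12345 8.8.8.8 443` should show the PBR phase selecting outside2 and the NAT phase translating to 2.2.2.5.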