Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3780
Views
0
Helpful
5
Replies

Having problem on creating PBR in cisco FTD 2110 using FDM

Go to solution
siva D
Level 1
Level 1

‎03-21-2021 08:51 AM

Hi ,

 

Having problem on creating PBR in cisco FTD 2110 using FDM

Device is running with 6.6 IOS.

We have two service provider and two Lan ranges.

i am trying push the each Lan ranges to different service provider but i am unable to achieve the expected result. Previously we achieved this while using the cisco ASA  firewall.

 

Done lot of google search i could see only the solutions via FMC only.

Followed the below configuration guide but didn't helped.

 

Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.6.0

 

Need someone help to get this sorted out.

 

Thanks in advance

Siva

 

 

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
siva D
Level 1
Level 1
In response to siva D

‎03-24-2021 05:20 AM

There is a open bug in cisco for PBR using FDM.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb19682

 

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎03-21-2021 09:00 AM - edited ‎03-21-2021 09:02 AM

@siva D 

PBR is configurable using Flexconfig when using FDM

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html

0 Helpful

Go to solution
siva D
Level 1
Level 1
In response to Rob Ingram

‎03-21-2021 09:17 AM

Hi Rob,

 

Thanks for your reply.

I have already gone thorough the document but now where in the document mentioned about PBR configuration steps using flex configuration.

 

Below are the configuration which we are using in cisco as to perform the PBR which is working without any issues

 

X ISP provider.
xxxxxxxxxxxxxxxxxxx

access-list PBR1 extended permit ip 10.10.10.0 255.255.255.0 any log


route-map PBR_ISP1 permit 2
match ip address PBR1
set ip next-hop 80.160.x.x


interface Ethernet 1/3.40
vlan 40
ip address 10.10.10.2 255.255.255.0 standby 10.10.10.3
no shut
policy-route route-map PBR_ISP1


Y ISP Provider :

access-list PBR2 extended permit ip 10.10.11.0 255.255.255.0 any log


route-map PBR_ISP2 permit 2
match ip address PBR2
set ip next-hop 80.150.x.x


interface Ethernet 1/3.41
vlan 41
ip address 10.10.11.2 255.255.255.0 standby 10.10.10.3
no shut
policy-route route-map PBR_ISP2

 

Need the configuration steps or samples in FTD 2110 

 

Br

Siva.D 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎03-21-2021 09:33 AM

There aren't always step by step guide for everything.

You can configure the route-map, access-list etc using the SmartCLI

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html#Cisco_Concept.dita_947eaa5d-2689-44eb-8e40-4c5270cd4e16

 

 

0 Helpful

Go to solution
siva D
Level 1
Level 1
In response to Rob Ingram

‎03-21-2021 10:24 AM

Hi Rob,

 

Thanks for your response.

I have already  configured the Extended access list and route-map using smart cli and tagged that route map to the interfaces using flex config .

 

While doing packet tracer in it matched the PBR but it is passing through the expected outside interface still it is picking up the default interface in spite of the fine tuned interface.

 

That the reason i was worried about the configuration and searching for help.

 

Br

Siva

0 Helpful

Go to solution
siva D
Level 1
Level 1
In response to siva D

‎03-24-2021 05:20 AM

There is a open bug in cisco for PBR using FDM.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb19682

 

 
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card