01-31-2019 01:55 AM - edited 02-21-2020 08:43 AM
How to add two static routes in Firepower Threat Defense with dual ISP
For example:
I have two subnets in the inside zone
A> 10.0.1.1 255.255.255.0
B> 10.0.2.1 255.255.255.0
Two ISPs
in the outside zone
ISP1
ISP2
I need subnet A traffic to go out through ISP1 with NAT and subnet B traffic to go out through ISP2 with NAT. Is it possible? If it is possible, please help with how to do that.
02-09-2019 09:45 AM
You can definitely accomplish your requirements. Since you have two ISP connections I would recommend using static route tracking. Basically FTD associates a static route using ICMP echo requests. Just make sure the other side can respond to the requests. This will allow both of your subnets to still get out if one of your ISP connections fails in the configured tracking time.
As for your NAT requirement use this link (literally shows step by step):
HTH!
02-10-2019 11:51 PM
Hi
It sounds like you're trying to set up policy-based routing, which is supported by using FlexConfig. I haven't set it up myself in a production environment but have a look at https://www.youtube.com/watch?v=lakHhw9CR5Y which goes through the steps.
As a pointer to Cisco though, it would be a nice addition to the suggestion box to integrate this feature into the FMC.
Regards
Fredrik
08-24-2022 12:45 PM
Just wanted to update. It's 2022 and the FMC still can't perform like the old ASA could.
ASDM with all its flaws made this easy.
10-21-2022 03:07 PM
What can't it perform? It's pretty easy to create an IP SLA and apply it to a default route in FMC/FTD.
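Added example, not posted by anyone in this thread: an ASA-style CLI sketch of the two approaches discussed above, policy-based routing per source subnet (the kind of commands a FlexConfig object would carry) and a tracked default route with a backup. The interface name, the nameifs outside-isp1 and outside-isp2, the object names and the next-hop addresses (documentation ranges) are assumptions; on an FMC-managed FTD the SLA monitor and static routes are normally defined in the FMC itself, and NAT rules per outside interface are configured separately.

```text
! Constructed values: interface, nameifs, object names and next hops are placeholders.
! Classify traffic by the two inside subnets from the question.
access-list PBR_SUBNET_A extended permit ip 10.0.1.0 255.255.255.0 any
access-list PBR_SUBNET_B extended permit ip 10.0.2.0 255.255.255.0 any
!
! Subnet A is forwarded to the ISP1 gateway, subnet B to the ISP2 gateway.
route-map PBR_INSIDE permit 10
 match ip address PBR_SUBNET_A
 set ip next-hop 203.0.113.1
route-map PBR_INSIDE permit 20
 match ip address PBR_SUBNET_B
 set ip next-hop 198.51.100.1
!
! Apply the route-map on every inside interface that receives this traffic
! (one interface shown; repeat if A and B sit on separate interfaces).
interface GigabitEthernet0/0
 policy-route route-map PBR_INSIDE
!
! Route tracking: probe the ISP1 gateway with ICMP echo every 10 seconds.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside-isp1
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Primary default route is removed while track 1 is down;
! the metric-254 route via ISP2 then takes over.
route outside-isp1 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route outside-isp2 0.0.0.0 0.0.0.0 198.51.100.1 254
```

The probe target must answer ICMP echo, as the earlier reply points out; a silent target makes the tracked route flap or stay down.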