Policy Based Routing on FTD managed by FDM

wcutajar
Level 1

Hi, I'm trying to set up PBR (Route Maps) on FTD managed by FDM but I'm finding it impossible. On ASA it would look something like this:

access-list ROUTEMAP-ACL1 extended permit tcp object CloudKey1 any

route-map ROUTEMAP1 permit 10
 match ip address ROUTEMAP-ACL1
 set ip next-hop <IP-ADDRESS-OF-ISP2-GATEWAY>

I've added the access list and the first line of the route-map command via SmartCLI, but I'm stuck on how to create the subsequent commands.


If I try to use FlexConfig it says that the route-map command is a blacklisted CLI command.

Any ideas?


Jay Ponce
Cisco Employee

Please make sure you are running version 6.6 or higher in the FDM and the syntax is the same as ASA.

I am in fact running version 6.6.4. I managed to partially get it to work using a workaround to configure bgp-set-clause to set the next hop, as there is a bug which does not let you configure the set clause when creating the Route Map in SmartCLI (I have attached a screenshot of how I've set it up: pbr.png).

After that I created a FlexConfig object to attach the above route map to the interface, as per below.

With the above I can confirm that it works; however, I have an issue that I have no failover for PBR. On an ASA I would have used the following commands:

set ip next-hop verify-availability 192.168.22.254 track 1
set ip next-hop verify-availability 192.168.21.254 track 2

which would have enabled failover for PBR using an SLA monitor.

I was so excited to move from ASA to FTD, but it seems that the product has so many fewer features.

Hi,

Can you share the steps how you applied this route-map to the interface?

Thanks

Hi there, I have the same issue in terms of applying the route-map to the interface. Have you found a solution?

Without knowing the steps you are taking to create the route-map, we can only provide information on how a route-map is created using FDM. Check the following link:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html#Cisco_Task_in_List_GUI.dita_bc8a9c84-fe6d-41ff-abbe-8438fe37e35d

--
Please remember to select a correct answer and rate helpful posts

I have created the same PBR route-map in SmartCLI. But please could you share how to apply the object to the desired interface?

Hi, to apply an object to an interface do the following:

1. Create FlexConfig object with this template:

  interface Ethernetx/x
  policy-route route-map <your route-map name>

2. Go to FlexConfig Policy and add your created object to group list. Then deploy.

Hope this helps.
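For readers comparing the two platforms, here is the complete ASA-side configuration that the earlier posts describe in pieces: the ACL and route-map from the opening post, the verify-availability lines with SLA tracking from the failover post, and the policy-route binding on the interface from the steps above. This is an added example, not configuration from any poster; the interface names, the SLA monitor and track object numbers, and the per-next-hop sequence numbers are assumptions, and the IP addresses are the ones quoted in the thread.

```cisco
! Added example (ASA syntax), not from the original thread.
! Interesting traffic: TCP from the CloudKey1 object (name taken from the thread).
access-list ROUTEMAP-ACL1 extended permit tcp object CloudKey1 any
!
! Reachability probes for each ISP gateway. Interface names are assumptions.
sla monitor 1
 type echo protocol ipIcmpEcho 192.168.22.254 interface outside-isp2
 frequency 5
sla monitor schedule 1 life forever start-time now
!
sla monitor 2
 type echo protocol ipIcmpEcho 192.168.21.254 interface outside-isp1
 frequency 5
sla monitor schedule 2 life forever start-time now
!
! Track objects follow the SLA probes; a failed probe marks the next hop unusable.
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Route-map: the next hop is only used while its tracked object is up;
! sequence 1 is preferred, sequence 2 is the fallback (sequence numbers assumed).
route-map ROUTEMAP1 permit 10
 match ip address ROUTEMAP-ACL1
 set ip next-hop verify-availability 192.168.22.254 1 track 1
 set ip next-hop verify-availability 192.168.21.254 2 track 2
!
! Bind the policy to the ingress interface (same binding the FlexConfig template above performs on FTD).
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map ROUTEMAP1
```

On FTD managed by FDM the thread reports that the set clause cannot be entered through SmartCLI and that route-map is blacklisted in FlexConfig, so only the interface binding maps directly to the FlexConfig steps above.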


The more relevant question is why you are running a completely outdated version …

You realize this post is from 2021 right? We decided to move away from Cisco due to lots of these issues, hopefully they have been sorted with newer releases.

Well, I obviously did not realize this. Yes, FDM still has shortcomings that are hard to understand. But overall, the platform evolved really well, and in version 7.2+, there is not much missing.

Bad to know that. What issues did you face (a lot)? Can you summarize them?
Thanks

MHM
