Policy Based Routing on FTD managed by FDM

wcutajar
Level 1

Hi, I'm trying to set up PBR (Route Maps) on FTD managed by FDM but I'm finding it impossible. On ASA it would look something like this:

access-list ROUTEMAP-ACL1 extended permit tcp object CloudKey1 any

route-map ROUTEMAP1 permit 10
 match ip address ROUTEMAP-ACL1
 set ip next-hop <IP-ADDRESS-OF-ISP2-GATEWAY>

I've added the access list and the first line of the route-map command via SmartCLI, but I'm stuck on how to create the subsequent commands.


If I try to use FlexConfig, it says that the route-map command is a blacklisted CLI command.

 

Any ideas?

5 Replies

Jay Ponce
Cisco Employee

Please make sure you are running version 6.6 or higher in the FDM and the syntax is the same as ASA.

I am in fact running version 6.6.4. I managed to partially get it to work using a workaround: configuring bgp-set-clause to set the next hop, as there is a bug which does not let you configure the set clause when creating the Route Map in SmartCLI (I have attached a screenshot of how I've set it up: pbr.png).

 

After that I created a FlexConfig object to attach the above route map to the interface, as per below:

 

 

With the above I can confirm that it works; however, I have an issue in that I have no failover for PBR. On an ASA I would have used the following commands:

 

set ip next-hop verify-availability 192.168.22.254 1 track 1

set ip next-hop verify-availability 192.168.21.254 2 track 2

 

which would have enabled failover for PBR using an SLA monitor.

 

I was so excited to move from ASA to FTD, but it seems that the product has so many fewer features.
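For reference, here is the complete ASA-side configuration that the post above describes (ACL, route map with tracked next hops, SLA monitors and the interface binding), written out end to end as an added example. It is not taken from the original post or from Cisco documentation; the object definition, interface names and nameifs, SLA monitor IDs and the 192.168.22.254 / 192.168.21.254 gateway addresses are assumptions for illustration. On FTD managed by FDM 6.6 this is only a reference for what the SmartCLI/FlexConfig workaround has to reproduce, since the thread notes that route-map is blacklisted in FlexConfig there.

```cisco
! Host whose TCP traffic should be policy-routed (assumed address)
object network CloudKey1
 host 192.168.10.50

! Match only TCP from CloudKey1; everything else keeps normal routing
access-list ROUTEMAP-ACL1 extended permit tcp object CloudKey1 any

! SLA monitor 1 pings the ISP2 gateway out of the assumed "outside2" interface
sla monitor 1
 type echo protocol ipIcmpEcho 192.168.22.254 interface outside2
 frequency 5
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability

! SLA monitor 2 pings the ISP1 gateway out of the assumed "outside1" interface
sla monitor 2
 type echo protocol ipIcmpEcho 192.168.21.254 interface outside1
 frequency 5
sla monitor schedule 2 life forever start-time now
track 2 rtr 2 reachability

! Preferred next hop is sequence 1 (ISP2); sequence 2 (ISP1) is used only
! when track 1 is down. If both tracks are down the packet falls back to
! the routing table instead of being dropped.
route-map ROUTEMAP1 permit 10
 match ip address ROUTEMAP-ACL1
 set ip next-hop verify-availability 192.168.22.254 1 track 1
 set ip next-hop verify-availability 192.168.21.254 2 track 2

! Bind the route map to the ingress interface (assumed inside interface)
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map ROUTEMAP1
```

To verify the failover behaviour, check `show track` and `show sla monitor operational-state` to confirm both tracks report reachability, then run `packet-tracer input inside tcp 192.168.10.50 12345 198.51.100.10 443` and look at the egress interface in the output; pull the ISP2 link (or block ICMP to 192.168.22.254) and repeat the packet-tracer to see the flow move to 192.168.21.254. Two separate SLA monitors are used deliberately: tracking each gateway from its own egress interface means a single ISP outage only removes that one next hop from the route map.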

Hi,

Can you share the steps how you applied this route-map to the interface?

Thanks

Hi there, I have the same issue in terms of applying the route-map to the interface. Have you found a solution?

Without knowing the steps you are taking to create the route-map, we can only provide information on how a route-map is created using FDM. Check the following link:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html#Cisco_Task_in_List_GUI.dita_bc8a9c84-fe6d-41ff-abbe-8438fe37e35d

 
