Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
0
Helpful
0
Replies

Policy based Routing on FTD (with FMC)

fuhdan
Level 1
Level 1

‎07-21-2020 03:04 AM

Hi

I have a FTD with one Outside interface and a Interface on a MPLS network. By default, all traffic is passing the outside interface. Traffic to an other site is routet through a S2S VPN. Everthing works fine. But if the Internet goes down (also VPN Tunnel), everthing is routed via the MPLS exept the Traffic for the VPN tunnel. This traffic still tries to pass the ouside Interface.

 

Normal status:

> show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
SI - Static InterVRF
Gateway of last resort is 146.4.87.13 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via 146.4.87.13, outside
C 146.4.87.12 255.255.255.252 is directly connected, outside
L 146.4.87.14 255.255.255.255 is directly connected, outside
C 192.168.2.0 255.255.255.0 is directly connected, bns
L 192.168.2.99 255.255.255.255 is directly connected, bns
V 192.168.11.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.100.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.101.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.102.0 255.255.255.0 connected by VPN (advertised), outside
C 192.168.202.0 255.255.255.0 is directly connected, inside
L 192.168.202.1 255.255.255.255 is directly connected, inside

 

In the failur situation:

> show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
SI - Static InterVRF
Gateway of last resort is 192.168.2.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [2/0] via 192.168.2.1, bns
C 146.4.87.12 255.255.255.252 is directly connected, outside
L 146.4.87.14 255.255.255.255 is directly connected, outside
C 192.168.2.0 255.255.255.0 is directly connected, bns
L 192.168.2.99 255.255.255.255 is directly connected, bns
V 192.168.11.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.100.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.101.0 255.255.255.0 connected by VPN (advertised), outside
V 192.168.102.0 255.255.255.0 connected by VPN (advertised), outside
C 192.168.202.0 255.255.255.0 is directly connected, inside
L 192.168.202.1 255.255.255.255 is directly connected, inside

 

How can I change this, so the VPN traffic is passing the MPLS as all the other traffic?

 

The default route:

ip route 0.0.0.0 0.0.0.0 146.4.87.13 1 track 1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 2

 

 

Thanks for any help.

 

Best Regards,

Daniel

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card