Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
3
Helpful
4
Replies

VRF Question

Go to solution
N3om
Level 3
Level 3

‎02-16-2026 03:21 AM

Hi
We ahve an FTD and subnet 172.16.251.0/24 ingresses via a sub-interface in global routing then egresses via an interface in a user deifned vrf, my question is how do I route the return traffic to 172.16.251.0/24

1. Do I add a static route in the vrf pointing to the global interface for 172.16.251.0/24

2. Do I just add a static route in global pointing to the 172.16.251.0/24 network via the global interface

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to N3om

‎02-16-2026 04:54 AM

considering the ingress interface is on global routing table, and if you intend to send traffic back, it should be necessary one static route return the traffic on that interface. 

View solution in original post

4 Replies 4

Go to solution
M02@rt37
VIP
VIP

‎02-16-2026 03:57 AM

Hello @N3om 

You need route leaking ...

Explore this documentation please: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-virtual-routers.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
Flavio Miranda
VIP
VIP

‎02-16-2026 04:07 AM

@N3om 

 This is a trick question. 

 Does it means that the ingress traffic via global routing table and egress traffic via vrf is working currently? 

 Why the return traffic is not using the same interface as ingress traffic?  

If you say "egresses via an interface in a user deifned vrf", then you might already have a routing send egress traffic to interface with vrf. 

Wondering if this is not cause assymetric routing. 

Go to solution
N3om
Level 3
Level 3
In response to Flavio Miranda

‎02-16-2026 04:30 AM

@Flavio Miranda 

 Does it means that the ingress traffic via global routing table and egress traffic via vrf is working currently?  YES

 Why the return traffic is not using the same interface as ingress traffic?  Thats the question we dont have a route to the subnet yet

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to N3om

‎02-16-2026 04:54 AM

considering the ingress interface is on global routing table, and if you intend to send traffic back, it should be necessary one static route return the traffic on that interface. 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card