Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
857
Views
0
Helpful
3
Replies

Policy Based Routing and Static routing on Cisco FTD

nstewart
Level 1
Level 1

‎12-19-2018 08:48 AM - edited ‎03-08-2019 04:51 PM

Hi, I am trying to set up Policy Based Routing to enable load sharing across two internet pipes. 

 

The current set up allows all users to browse from a Proxy using a static default route 0.0.0.0 to the internet.

 

Can PBR be used alongside Static Routing? I've tried to set up the necessary match commands and route map for the Source Based Routing but the traffic gets dropped. Packet Trace shows that the route lookup that takes place tries to send the traffic using the Static Route. Any ideas?

 

 

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎12-19-2018 09:33 AM

You ask one clear question, which is can Policy Based Routing operate alongside Static Routing? The answer to that is that yes PBR can work just fine alongside static routing. To provide assistance beyond that we need a better understanding of the topology of your network, what are you wanting to policy route, and what is in the configuration.

 

HTH

 

Rick

HTH

Rick
0 Helpful

nstewart
Level 1
Level 1
In response to Richard Burts

‎12-20-2018 02:53 AM

Thanks for your reply Richard



We are trying to direct a portion of our web traffic across a 2nd ISP link using Policy Based Routing while having all of the other traffic going through the firewalls main Outside interface. The firewall uses Static Routing and has a default route out to our Main ISP link.



Sample Config below


interface Ethernet1/4.40
description Outside Interface for second ISP
vlan 40
nameif Outside2
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address A.B.C.X 255.255.255.240
policy-route route-map Sch_PBR_Proxy2


route-map Sch_PBR_Proxy2, permit, sequence 10
Match clauses:
ip address (access-lists): SchProxy2

Set clauses:
ip default next-hop A.B.C.Y

[cid:image001.png@01D49852.1ECBCD00]




0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to nstewart

‎12-20-2018 09:23 AM

Thanks for the information. I have two points about what you have shared with us.

- the route map appears to be on the outbound interface. the route map should be applied on the inbound interface.

- you are using set default ip next-hop. I wonder why setting default rather than just setting next-hop.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Top