Cisco FMC FlexConfig configuring PBR

Captions
Hi, welcome to the Firepower Threat Defense training video series. I'm Nanda. In this video we are going to look at how to configure policy-based routing using flex configuration.

So in this example I have this Firepower 2130 box, which is running FTD 6.2.1. I have three interfaces: one inside, which is 172.16.10.1, and then two outside, outside1 and outside2, with 192.168.10.1 and 192.168.11.6 network. The idea of doing PBR here is: if I have traffic coming from the 172.16.10.x network, it should take the outside1 internet, and if the traffic is coming from the 172.16.11.x network, it should take the outside2 network. Since PBR is not natively supported in Firepower Management Center, we are going to use FlexConfig along with route map from the FMC to achieve this.

So in order to achieve the PBR use case that I just mentioned, we would require this set of configuration to be configured on the box. Since access list and route map are already supported on the FMC, I'm going to use the FMC to create the access list as well as the route map, and then configuring this set ip next-hop and adding the route map to the interface will be done using flex configuration. So the ones which I have highlighted in bold text are the ones which I am going to use flex configuration to configure.

Let's do the configuration. First I have to go to policy, on the objects, and then create an extended ACL, which is required to be used in the route map. The extended ACL you can find under access list. So here I already have two extended ACLs that I have already created: one is PBR-HR and one is PBR-IT. You can see the values here, just as per our requirement: ACL is PBR-HR, permit IP, source IP is 172.16.10.0 to any. Similarly, we have created one more extended ACL with PBR-IT as the ACL name, source as 172.16.11.0.

The next step is to create a route map. Again, route map is natively supported on Firepower Management Center. I can go to the route map and then create a new route map. I'll say my PBR, and then add those route map entries here. I'm going to create two entries, with priority 10 and 20. So let's create for 10, and then action as permit, which is here, and then go to IPv6 as the matching criteria. On the ACL side, set it as extended, so the ACLs that we have configured come up here, and select PBR-HR. So similarly, create one more route map entry with 20 as the sequence number, matching criteria extended ACL, and select the IT one.

So with this, we have configured these parameters: with the access list object manager we have created the ACLs, and with the route map we have configured these two parameters, this one and the one which I've highlighted.

So next is to go to flex configuration and then configure the FlexConfig object. But before that, I would like to create text objects to configure the gateways here. So let me create two text objects. I'll say my gateway1 for 192.168.10.5. Similarly, create one more object as my... So what we just did is create two text objects: one is for this value and the other one is for the next gateway value.

Now we can go to FlexConfig object and then create a new object. I'm going to call this my PBR. So as I said, this would be created by FMC, and this particular CLI would be created by FMC; all we have to do is add these two lines. Now, to add these two lines, first I need to get into this particular route map. So I can say route-map and then call the route map name using insert variable. You can see insert variable, route map object, is here. I can call this and define a name for it, and then assign the PBR route map which we have created. So: route-map, space, my route map name, and then permit, and the sequence number is 10. You can have the sequence number also as a variable, but in this case I'm just using it as a hard-coded string. And then set ip, followed by the variable that I have to call here. So let me call gateway1, the text variable. We can say gateway1, with 1 as the distance. And then similarly for the next one, we call the text variable for gateway2, with distance 2 and then track 2.

Similarly, we have to do the same thing for route map sequence 20. Remember, when you are inserting the variable for the first time, you have to insert it with the string, but once the variable has been called once, subsequently you need not insert it again; you can just do a copy-paste. Change the sequence number, and then copy these two strings and just change... okay.

So this particular part is over. All you have to do next is go to the interface and then apply it on the outer interface. Again, when you're applying, you can call the route map name.

So with this, I think we are good; we have configured the FlexConfig object. All we have to do is go to the device, and on the flex configuration add this and then deploy. My PBR is here; add this into it, and then save the configuration and check the preview configuration. So you can see that in the FlexConfig, under the route map, the set commands have been inserted, and then on the interface the policy route has been mapped. In the FMC-generated CLI you can see that the ACL has been created, and then route map entries for 10 and 20 are being created.

So let's deploy this policy and then check on the device. Deployment successful. Let's check the transcript. So we can see the objects are being created for the ACL, and there is an ACL for PBR-HR, and then it created a route map with sequence number 10 and attached the ACL to it. Similarly, it has created an ACL for PBR-IT and associated that with route map sequence number 20. In the route map, using FlexConfig, we were able to configure the next-hop IP with the tracking, and then we have associated the route map using policy-route under the interface.

Let's go and verify on the device. So we have successfully created the route map, and if you want you can verify the ACLs and then check the interface. So you can check on the interface that it has added the route map to the interface.

With this we have come to the end of this video. I hope you enjoyed it. See you soon in the next video, and please subscribe to this channel for more videos. Bye bye.
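
The configuration the captions walk through, written out as ASA-style CLI; this is an added example, not a capture from the video or Cisco's own listing. The names PBR-HR and PBR-IT and the gateway 192.168.10.5 come from the captions; the route-map name `myPBR`, the `verify-availability` form of the `set` command, the angle-bracket placeholders and the track objects are assumptions.

```cisco
! --- Generated by FMC from the extended ACL and route-map objects ---
! <hr-subnet>, <it-subnet> and <mask> are placeholders for the two
! inside source networks the ACL objects were created with.
access-list PBR-HR extended permit ip <hr-subnet> <mask> any
access-list PBR-IT extended permit ip <it-subnet> <mask> any
!
route-map myPBR permit 10
 match ip address PBR-HR
route-map myPBR permit 20
 match ip address PBR-IT
!
! --- Appended by the FlexConfig object ---
! In the FlexConfig editor the route-map name and the two gateways are
! inserted as variables; the literal values are shown here.
! "1 track 1" / "2 track 2" are the sequence and track numbers spoken in
! the captions; the track objects themselves are assumed to be defined
! separately (the captions do not show them).
route-map myPBR permit 10
 set ip next-hop verify-availability 192.168.10.5 1 track 1
route-map myPBR permit 20
 set ip next-hop verify-availability <gateway2> 2 track 2
!
! PBR is evaluated on the interface where the matching traffic enters.
interface <ingress-interface-id>
 policy-route route-map myPBR
!
! --- Checks on the device after deployment ---
! show running-config access-list
! show route-map
! show running-config interface
! show policy-route
```

Because the FlexConfig lines are appended outside FMC's own object model, compare the deployment preview against this shape before deploying, and confirm that both `set` lines landed under the intended sequence numbers.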
Info
Channel: Securing Networks with Cisco Firepower Threat Defense
Views: 26,807
Keywords: FMC, FlexConfig, FlexConfig PBR, Policy Base routing, Firepower Threat Defense, Firepower Management Center
Id: lakHhw9CR5Y
Length: 12min 17sec (737 seconds)
Published: Thu Sep 28 2017