Monthly Archives: August 2018

Cisco Firepower Threat Defense with a PPPoE Connection, no default route?

I have been working recently with Cisco Firepower Threat Defense and came across a difficult issue with using a PPPoE connection, where if the interface was using a dynamic IP address, the default route was not pushed from the ISP to the device, so there was no internet connectivity.

A helpful user on the Cisco community forum shared his settings, and there is a misleading tick box “Enable Route Settings” under “Devices > Device Management > Interfaces” from the Firepower Management Center which needs to be ticked for this to work. This example is for a BT Infinity (VDSL) connection using the Openreach NTE, but will likely work for other ISPs:

BT PPPOE

Cisco’s description of this tick box in their own documentation is not entirely accurate (source – https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v601_chapter_01101011.pdf page 18):

“Enable Route Settings—To manually configure the PPPoE IP address, check this box and then enter the IP Address.”

Whilst this is true if the IP address box is populated, they fail to mention that it's required for a dynamically assigned connection to receive a default route!

Hope this helps someone!