Firewall Stateful in IOS Firewall active/active scenario
I have 2 routers 7201 wich has connectivity with various ISPs.
First router has connectivity with ISP A and ISP B1, and router B has connectivity with ISP B2, wich acts as backup of ISP B1 of router A.
These routers have configured BGP.
By default, only route from A router (it has configured HSRP in inside interface).
If ISP B1 goes down, depends on destination AS, routerA routes to ISP A, or reroute to ISP B2 (router B).
Only if router A crashes, all trafic is routed to router (ISP B2)by means of HSRP.
I have applied ACLs in WAN interface (outside), but sometimes we originate some trafic from inside interface (LAN).
To solve this issue, I use classic ip inspect.
If ISP B1 or router A goes down, inspected traffic are droped because router B has not any list with inspected packets by routerA, and ACL in ISP B2 deny traffic.
I readed about Firewall Stateful Failover, but I think I must be not configure it, because sometimes can route with 2 routers at the same time, and Stateful Failover is designed to use an active/backup scenario.
How could I configure Stateful Failover? Must I change BGP route policy?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.