Hello Do you mean the current setup is in an active/standby state on the fws.
This question would be best suited for the security/firewall forum -although with the exceptional experience on CSC am sure some else will be able to answer your question on here also much better than I can.
However my basic understanding to you query is that there are some necessary requirements prior to applying active/active fw mode
1) same hardware /iOS version / fw mode and correct licence ( I think unrestricted) on each fw 2) only works with multiple fw contexts 3) static routing only plus ISP addressing needs to be static also (basically no dynamic routing)
My first question is, are these "ISP Links" form the same ISP or different ISPs? Also, do you have network address space that is assigned to you, and if so, is this Provider Independent or Provider Assigned address space (IE Public Network).
Now that those question are over, Do both your two ISP Routers connected to your Core on the internal network? If so, you can also do load balancin gto pick ISP1 and or ISP2 at the same time, but with two different firewalls, you can run into asymetric routing issues, which can cause lots of firewall issues, due to the fact, that is you establish a TCP connection to Web Server 126.96.36.199 and then the traffic comes back to the other firewall, it's not going to have this stateful information saved (so to speak), and will drop the connection.
3. Right now i don't have any servers hosted in network which people access from outside. My only intention is to make both the internet links are utilized at same time(for browsing, and also if one link goes down the traffic should continue to go on the other link).
Depending on how many vlans you have, you might just want to configure Policy Based Routing(PBR), and have half of your vlans go to one ISP and the other half go to the other, from that you can configuire ip sla tracking, and if connection to your upstream next hop on either ISP goes down, it takes that route down, and everything else is routed out the one up ISP.
This would provide redundancy incase of an ISP failure, and load balancing as well.
When you configure 'ip sla' I would incorporate the 'icmp-echo' feature, and set the ip to 188.8.131.52, and the source IP, as the IP configured on that link to the ISP from your router(s). The reason why I say 184.108.40.206, if your directly connected link to your ISP fails, then that will fail as well, also, there could be an issue upstream in you rISPs bcakbone, and then traffic could go out another link in your ISPs core.
I would configure this on you core, if you have both of your routers connected to your core that is.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.