Problem: IP SLA does not update Gateway of last resort

admintitrsb
Level 1

Hello,

On a 3750 switch I have an IP SLA configuration:

ip local policy route-map ICMP_SLA
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 10
ip route 0.0.0.0 0.0.0.0 192.168.0.250 200

But my Gateway of last resort is not updated by IP SLA, and the default route stays on the secondary link.

Primary GTW: 192.168.1.1

Secondary GTW: 192.168.0.250

#sh ip route track-table
 ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 10 state is [up]
#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.0.250 to network 0.0.0.0

S*    0.0.0.0/0 [200/0] via 192.168.0.250
      10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks

If I disconnect my interface to the secondary GTW, all internet is down.

Have you ever seen this problem?

Thanks
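
The comparison made by eye in the post above, as an added example that is not part of the original thread: it parses the static default routes, the track-table state and the "Gateway of last resort" line, and reports whether the installed default route is the one static-route selection would normally pick. The function names are hypothetical, the sample input is constructed from the output quoted in the post, and the selection rule (lowest administrative distance among routes that are untracked or whose track object is up) is the stated assumption.

```python
import re

# Constructed sample input, copied from the configuration and output quoted in the post.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 10
ip route 0.0.0.0 0.0.0.0 192.168.0.250 200
"""
TRACK_TABLE = " ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 10 state is [up]\n"
SHOW_IP_ROUTE = """\
Gateway of last resort is 192.168.0.250 to network 0.0.0.0

S*    0.0.0.0/0 [200/0] via 192.168.0.250
"""

# Matches a static default route, with optional distance, track id and track state.
ROUTE_RE = re.compile(
    r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 (?P<nh>\d+(?:\.\d+){3})"
    r"(?: (?P<ad>\d+))?(?: track (?P<track>\d+))?(?: state is \[(?P<state>\w+)\])?\s*$",
    re.M)

def default_routes(config):
    """Static default routes as (next_hop, admin_distance, track_id or None)."""
    return [(m["nh"], int(m["ad"] or 1), m["track"] and int(m["track"]))
            for m in ROUTE_RE.finditer(config)]

def track_states(track_table):
    """Map track id -> True when 'show ip route track-table' reports [up]."""
    return {int(m["track"]): m["state"] == "up"
            for m in ROUTE_RE.finditer(track_table) if m["track"] and m["state"]}

def expected_gateway(config, track_table):
    """Assumed rule: lowest distance among untracked routes and routes whose track is up."""
    states = track_states(track_table)
    usable = [(ad, nh) for nh, ad, track in default_routes(config)
              if track is None or states.get(track, False)]
    return min(usable)[1] if usable else None

def installed_gateway(show_ip_route):
    """Next hop named on the 'Gateway of last resort' line, or None if not set."""
    m = re.search(r"Gateway of last resort is (\d+(?:\.\d+){3})", show_ip_route)
    return m.group(1) if m else None

def check(config, track_table, show_ip_route):
    exp, got = expected_gateway(config, track_table), installed_gateway(show_ip_route)
    return {"expected": exp, "installed": got, "consistent": exp == got}

if __name__ == "__main__":
    print(check(CONFIG, TRACK_TABLE, SHOW_IP_ROUTE))
```

A result with "consistent" set to False while the track object is up reproduces the symptom described in the post; it does not by itself identify the cause.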

10 Replies

Reza Sharifi
Hall of Fame

Hi,

192.168.1.1 is not in your routing table. Are you sure it is alive?

Can you ping it?

Can you trace route to an Internet destination sourcing it from 192.168.1.x?

Are both GTWs in the same subnet?

HTH

Hi

Yes, the GTWs are in the same subnet (192.168.0.0/22) and I can ping it.

#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms

See the routing table:

#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.0.250 to network 0.0.0.0

S*    0.0.0.0/0 [200/0] via 192.168.0.250
      10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C        10.1.0.0/24 is directly connected, Vlan100
L        10.1.0.2/32 is directly connected, Vlan100
**********Other Routes in 10.0.0.0 subnets************
L        10.47.85.128/32 is directly connected, Virtual3
C     192.168.0.0/22 is directly connected, Vlan1
      192.168.1.0/32 is subnetted, 1 subnets
L        192.168.1.7 is directly connected, Vlan1

For traceroute:

#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 72.142.127.41 9 msec 33 msec 8 msec --> is My Wan GTW on my secondary internet link
  2 209.148.252.106 8 msec 8 msec 8 msec
  3 209.148.249.214 25 msec 17 msec 0 msec
  4 209.148.229.225 17 msec 25 msec 8 msec
  5 209.148.235.137 17 msec
    209.148.230.14 25 msec 17 msec
  6 72.14.222.87 16 msec 33 msec 16 msec
  7 108.170.250.225 9 msec 8 msec 34 msec
  8 108.170.227.43 16 msec
    108.170.227.171 8 msec
    108.170.236.11 34 msec
  9 google-public-dns-a.google.com (8.8.8.8) 16 msec 42 msec 16 msec

 

Can you clarify?

You have an SVI for vlan 1 on the 3750 with IP address of 192.168.1.7?

The peer IPs are 192.168.1.1 and 192.168.0.250

They are all in a /22 subnet?

HTH

Yes, all IPs are in VLAN1

192.168.0.0/22

129.168.1.7: is my core switch 3750

192.168.1.1 is my FireWall-1 (primary internet link)

192.168.0.250 is my FireWall-2 (secondary internet link)

Can you try the same default routes without the tracking configuration and see if the primary shows up in the routing table?

Also, what is the output of "sh ver" from the 3750?

HTH

Hi

Can you explain to me what you mean by "without the tracking configuration"?

Here is the show version:

#sh vers
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.2(4)E5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Mon 18-Sep-17 06:58 by prod_rel_team

ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

**SWITCHNAME** uptime is 16 weeks, 4 days, 14 hours, 11 minutes
System returned to ROM by power-on
System restarted at 06:35:53 UTC Fri Dec 8 2017
System image file is "flash:/c3750e-universalk9-mz.152-4.E5/c3750e-universalk9-mz.152-4.E5.bin"
Last reload reason: power-on

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: ipbase
License Type: Permanent
Next reload license Level: ipbase

cisco WS-C3750X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO152*****
Last reset from power-on
22 Virtual Ethernet interfaces
1 FastEthernet interface
56 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 44:D3:CA:**:**:**
Motherboard assembly number     : 73-12530-05
Motherboard serial number       : FDO152*****
Model revision number           : A0
Motherboard revision number     : B0
Model number                    : WS-C3750X-24T-S
Daughterboard assembly number   : 800-32727-01
Daughterboard serial number     : FDO152*****
System serial number            : FDO152*****
Top Assembly Part Number        : 800-31327-02
Top Assembly Revision Number    : C0
Version ID                      : V02
CLEI Code Number                : COMJV*****
Hardware Board Revision Number  : 0x03

Switch Ports Model                     SW Version            SW Image
------ ----- -----                     ----------            ----------
     1 30    WS-C3750X-24              15.2(4)E5             C3750E-UNIVERSALK9-M
*    2 30    WS-C3750X-24              15.2(4)E5             C3750E-UNIVERSALK9-M

Switch 01
---------
Switch Uptime                   : 16 weeks, 4 days, 12 hours, 42 minutes
Base ethernet MAC Address       : 44:D3:CA:**:**:**
Motherboard assembly number     : 73-12530-05
Motherboard serial number       : FDO152*****
Model revision number           : A0
Motherboard revision number     : B0
Model number                    : WS-C3750X-24T-S
Daughterboard assembly number   : 800-32727-01
Daughterboard serial number     : FDO152*****
System serial number            : FDO152*****
Top assembly part number        : 800-31327-02
Top assembly revision number    : C0
Version ID                      : V02
CLEI Code Number                : COMJV*****
License Level                   : ipbase
License Type                    : Permanent
Next reboot licensing Level     : ipbase

Configuration register is 0xF

Hi,

Please share your configuration so that we can see where the static route is blocked. There could be a policy or an access-list blocking the traffic. Also, share with us the output of "sh ip sla statistics".

HTH,
Meheretab

Hi

Here is the information:

#sh ip sla statistics
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 23 milliseconds
Latest operation start time: 18:09:26 UTC Thu Apr 5 2018
Latest operation return code: OK
Number of successes: 525
Number of failures: 0
Operation time to live: Forever

IPSLA operation id: 2
        Latest RTT: 9 milliseconds
Latest operation start time: 18:09:26 UTC Thu Apr 5 2018
Latest operation return code: OK
Number of successes: 523
Number of failures: 1
Operation time to live: Forever

What I mean is this

ip route 0.0.0.0 0.0.0.0 192.168.1.1 
ip route 0.0.0.0 0.0.0.0 192.168.0.250 200

no ip local policy route-map ICMP_SLA

So, no sla policy and no track at the end of the first default route.

Also, looking at your switch, you have an IP Base license. In order to run SLA, an IP Services license is needed, but let's try the above and see if the first default route shows up in the routing table.

HTH

Hi

Just to make sure: is there a risk of losing the connection with the switch by disabling IP SLA?
My switch is remote (several hundred kilometers away).

Thanks