
Welcome to shaying110's blog

RSed-ISPing

 
 
 

PIX ACT/ACT Failover Configuration

2011-11-27 19:04:17 | Category: CISCO Networking


 

FW1 configuration:

PIX-1# sh run
: Saved
:
PIX Version 7.2(1) <system>
!
hostname PIX-1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0
 description LAN Failover Interface
!
interface Ethernet1
 description STATE Failover Interface
!
interface Ethernet2
!
interface Ethernet2.30
 vlan 30
!
interface Ethernet2.40
 vlan 40
!
interface Ethernet3
!
interface Ethernet3.10
 vlan 10     
!
interface Ethernet3.20
 vlan 20
!
interface Ethernet4
!
class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!

ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface lanfail Ethernet0
failover lan enable
failover link statfail Ethernet1
failover interface ip lanfail 192.168.1.1 255.255.255.0 standby 192.168.1.2
failover interface ip statfail 192.168.10.1 255.255.255.0 standby 192.168.10.2
failover group 1
failover group 2
  secondary
no asdm history enable
arp timeout 14400
console timeout 0

admin-context admin
context admin
  allocate-interface Ethernet4 admin
  config-url flash:/admin
  join-failover-group 1
!

context context1
  allocate-interface Ethernet2.30 outside
  allocate-interface Ethernet3.10 inside
  config-url flash:/context1
  join-failover-group 1
!

context context2
  allocate-interface Ethernet2.40 outside
  allocate-interface Ethernet3.20 inside
  config-url flash:/context2
  join-failover-group 2
!

prompt hostname context
Cryptochecksum:7016e15a1b3d885fdc4a31a804447bb7
: end
PIX-1#   chan con admin
PIX-1/admin# sh run
: Saved
:
PIX Version 7.2(1) <context>
!
hostname PIX-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface admin
 nameif admin
 security-level 0
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
!
passwd 2KFQnbNIdI.2KYOU encrypted
pager lines 24
mtu admin 1500
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
!
!
Cryptochecksum:629ed530d8a2f38b840dbb897422f965
: end
PIX-1/admin#    
PIX-1/admin#
PIX-1/admin# chan con context1
PIX-1/context1#
PIX-1/context1# sh run
: Saved
:
PIX Version 7.2(1) <context>
!
hostname context1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface outside
 nameif outside
 security-level 0
 ip address 172.16.30.1 255.255.255.0 standby 172.16.30.2
!
interface inside
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2
!
passwd 2KFQnbNIdI.2KYOU encrypted
pager lines 24
mtu outside 1500
mtu inside 1500
monitor-interface outside
monitor-interface inside
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:00000000000000000000000000000000
: end
PIX-1/context1#  
PIX-1/context1#
PIX-1/context1#
PIX-1/context1# chan con context2
PIX-1/context2# sh run
: Saved
:
PIX Version 7.2(1) <context>
!
hostname context2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface outside
 nameif outside
 security-level 0
 ip address 172.16.40.1 255.255.255.0 standby 172.16.40.2
!
interface inside
 nameif inside
 security-level 100
 ip address 172.16.20.1 255.255.255.0 standby 172.16.20.2
!
passwd 2KFQnbNIdI.2KYOU encrypted
pager lines 24
mtu outside 1500
mtu inside 1500
monitor-interface outside
monitor-interface inside
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:8b0f35ae19095ccfa064c670983581f6
: end
PIX-1/context2#    

 

FW2 configuration:

failover
failover lan unit secondary
failover lan interface lanfail Ethernet0
failover lan enable
failover interface ip lanfail 192.168.1.1 255.255.255.0 standby 192.168.1.2

Verification:

PIX-1# sh fail
Failover On
Cable status: N/A - LAN-based failover enabled
Failover unit Primary
Failover LAN Interface: lanfail Ethernet0 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 250 maximum
Version: Ours 7.2(1), Mate 7.2(1)
Group 1 last failover at: 10:00:34 UTC Nov 25 2011
Group 2 last failover at: 10:02:07 UTC Nov 25 2011

  This host:    Primary
  Group 1       State:          Active
                Active time:    360 (sec)
  Group 2       State:          Standby Ready
                Active time:    90 (sec)

                  admin Interface admin (10.10.10.1): Unknown (Waiting)
                  context1 Interface outside (172.16.30.1): Unknown (Waiting)
                  context1 Interface inside (172.16.10.1): Unknown (Waiting)
                  context2 Interface outside (172.16.40.2): Unknown (Waiting)
                  context2 Interface inside (172.16.20.2): Unknown (Waiting)

  Other host:   Secondary
  Group 1       State:          Standby Ready
                Active time:    0 (sec)
  Group 2       State:          Active
                Active time:    270 (sec)

                  admin Interface admin (10.10.10.2): Unknown (Waiting)
                  context1 Interface outside (172.16.30.2): Unknown (Waiting)
                  context1 Interface inside (172.16.10.2): Unknown (Waiting)
                  context2 Interface outside (172.16.40.1): Unknown (Waiting)
                  context2 Interface inside (172.16.20.1): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : statfail Ethernet1 (up)
        Stateful Obj    xmit       xerr       rcv        rerr     
        General         63         0          53         0        
        sys cmd         55         0          53         0        
        up time         0          0          0          0        
        RPC services    0          0          0          0        
        TCP conn        0          0          0          0        
        UDP conn        0          0          0          0        
        ARP tbl         8          0          0          0        
        Xlate_Timeout   0          0          0          0        

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       1       79
        Xmit Q:         0       1       63


PIX-1#
PIX-1# sh fail
Failover On
Cable status: N/A - LAN-based failover enabled
Failover unit Secondary
Failover LAN Interface: lanfail Ethernet0 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 250 maximum
Version: Ours 7.2(1), Mate 7.2(1)
Group 1 last failover at: 10:00:57 UTC Nov 25 2011
Group 2 last failover at: 10:02:07 UTC Nov 25 2011

  This host:    Secondary
  Group 1       State:          Standby Ready
                Active time:    0 (sec)
  Group 2       State:          Active
                Active time:    285 (sec)

                  admin Interface admin (10.10.10.2): Unknown (Waiting)
                  context1 Interface outside (172.16.30.2): Unknown (Waiting)
                  context1 Interface inside (172.16.10.2): Unknown (Waiting)
                  context2 Interface outside (172.16.40.1): Unknown (Waiting)
                  context2 Interface inside (172.16.20.1): Unknown (Waiting)

  Other host:   Primary
  Group 1       State:          Active
                Active time:    375 (sec)
  Group 2       State:          Standby Ready
                Active time:    90 (sec)

                  admin Interface admin (10.10.10.1): Unknown (Waiting)
                  context1 Interface outside (172.16.30.1): Unknown (Waiting)
                  context1 Interface inside (172.16.10.1): Unknown (Waiting)
                  context2 Interface outside (172.16.40.2): Unknown (Waiting)
                  context2 Interface inside (172.16.20.2): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : statfail Ethernet1 (up)
        Stateful Obj    xmit       xerr       rcv        rerr     
        General         49         0          57         0        
        sys cmd         49         0          49         0        
        up time         0          0          0          0        
        RPC services    0          0          0          0        
        TCP conn        0          0          0          0        
        UDP conn        0          0          0          0        
        ARP tbl         0          0          8          0        
        Xlate_Timeout   0          0          0          0        

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       1       81
        Xmit Q:         0       1       49
PIX-1#
PIX-1#
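
The verification output above can also be checked mechanically. The following is an added example, not part of the original post: it parses "sh fail" output, confirms that each failover group is Active on exactly one unit and that both units own a group, and lists monitored interfaces that are not yet reported as Normal. The function names are hypothetical, and treating only a status beginning with "Normal" as healthy is an assumption of this example.

```python
import re

# Sample input: trimmed copy of the primary unit's "sh fail" output shown above.
SAMPLE = """\
Failover unit Primary
Group 1 last failover at: 10:00:34 UTC Nov 25 2011
  This host:    Primary
  Group 1       State:          Active
  Group 2       State:          Standby Ready
                  context1 Interface inside (172.16.10.1): Unknown (Waiting)
                  context2 Interface inside (172.16.20.2): Unknown (Waiting)
  Other host:   Secondary
  Group 1       State:          Standby Ready
  Group 2       State:          Active
                  context1 Interface inside (172.16.10.2): Unknown (Waiting)
                  context2 Interface inside (172.16.20.1): Unknown (Waiting)
"""

HOST = re.compile(r"^\s*(?:This|Other) host:\s+(\S+)")
GROUP = re.compile(r"^\s*Group (\d+)\s+State:\s+(.+?)\s*$")
IFACE = re.compile(r"^\s*(\S+) Interface (\S+) \(([\d.]+)\): (.+?)\s*$")

def parse_show_failover(text):
    """Return {unit: {"groups": {id: state}, "ifaces": [(ctx, name, ip, status)]}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := HOST.match(line):
            cur = hosts.setdefault(m.group(1), {"groups": {}, "ifaces": []})
        elif cur is not None and (m := GROUP.match(line)):
            cur["groups"][int(m.group(1))] = m.group(2)
        elif cur is not None and (m := IFACE.match(line)):
            cur["ifaces"].append(m.groups())
    return hosts

def check_active_active(hosts):
    """Return findings; an empty list means a clean active/active split."""
    findings = []
    for g in sorted({g for h in hosts.values() for g in h["groups"]}):
        n = sum(h["groups"].get(g) == "Active" for h in hosts.values())
        if n != 1:  # 0 = nobody forwards for this group, 2 = both units claim it
            findings.append(f"group {g}: Active on {n} units")
    for unit, h in hosts.items():
        if "Active" not in h["groups"].values():
            findings.append(f"{unit}: owns no active group")
        for ctx, name, ip, status in h["ifaces"]:
            # Assumption of this example: only a status starting "Normal" is healthy.
            if not status.startswith("Normal"):
                findings.append(f"{unit} {ctx}/{name} ({ip}): {status}")
    return findings

if __name__ == "__main__":
    for finding in check_active_active(parse_show_failover(SAMPLE)):
        print(finding)
```

Run against the sample, the group split passes and the four interfaces still in "Unknown (Waiting)" are reported.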
