Shulou(Shulou.com)06/01 Report--

Cisco ASA FW replacement Active sand Standby Mode

Cisco Firewall replacement

Must make sure the cross connection is there.

Must have written connection for DC to checkmust make sure the lincense is there show verionMust have a roll back plane.Must communication effectively with DC guys.

Show X

Show arp

Show × × ×-session L2l

Sh run nat

Primary A

Gi1/1 to Switch

Gi1/2 to Switch

GI1/8 to Sec B Gi1/8 (cross connect)

Secondary B

New Primay C

New Secondary D

Step 1.

Move all the connection from B to New Secondary D (include cross connect)

Step 2.

Failover over the Active to New Secondary D (in new D failover active)

Show failvoer state

Step 3.

Move all the connection from A to new C.

Show failvoer state

Step 3.

Move the Active FW to new C. (in C failvoer active)

Show xlate

Show arp

Ping host to see if its live

Show-session-l2l to check tunnel status.

Because it was replaced one by one when it was replaced.

As a result, when I changed

For example, when Old Primary and New Sec D do not work, it turns out that the relationship between them

Failover Link is not connected.

Suppose

Old Primary Failvoer link to New Sec D Failover link.

The connection of reality is

New Priamary C Failover link to New Sec D failover link.

Note: cross connect = Failvoer link.

Is the communication connection between the primary firewall and the standby firewall

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.