Shulou(Shulou.com)06/01 Report--

A _ A _ mode _ HA

Key points:

1. A failover uses multiple modes to active different virtual walls on different physical devices to achieve the purpose of double active.

2. The configuration is mainly done in the primary node, and the secondary node synchronizes the configuration from the primary node, including system and context

3. Secondary node configuration tasks only include: multi-mode enabled, physical interface enabled, failover basic configuration (enable failover, specify as secondary node, specify and name failover lan interface, failover lan interface IP)

Configuration step

1. Prepare the action:

Both the primary node and the secondary node enable multimode

Enable the necessary physical interfaces

2. Primary nodes are configured with failover

Ciscoasa (config) # sh run failover

No failover

Failover lan unit primary

Failover lan interface fo-lan GigabitEthernet2

Failover interface ip fo-lan 192.168.0.1 255.255.255.0 standby 192.168.0.2

Failover group 1

Preempt 60

Failover group 2

Secondary

Preempt 60

Finally, enable failover

3. Construct virtual wall v1 and v2 in primary node, and assign virtual wall association failover group.

Master equipment:

Ciscoasa (config) # sh run context

Admin-context admin

Context admin

Config-url disk0:/admin.cfg

!

Context v1

Allocate-interface GigabitEthernet0 ifinside

Allocate-interface GigabitEthernet1 ifoutside

Config-url disk0:/v1.cfg

Join-failover-group 1

!

Context v2

Allocate-interface GigabitEthernet3 ifinside

Allocate-interface GigabitEthernet4 ifoutside

Config-url disk0:/v2.cfg

Join-failover-group 2

!

4. General configuration of virtual wall

Only the primary node is configured. When Failover is enabled, the secondary node will copy the configuration

Changeto context v1

Sh run

Interface ifinside

Nameif inside

Security-level 100

Ip address 20.0.1.1 255.255.255.0

!

Interface ifoutside

Nameif outside

Security-level 0

Ip address 5.5.5.5 255.255.255.0

!

Changeto context v2

Interface ifinside

Nameif inside

Security-level 100

Ip address 30.0.1.1 255.255.255.0

!

Interface ifoutside

Nameif outside

Security-level 0

Ip address 6.6.6.6 255.255.255.0

!

5. After determining that the failover status of the primary node is normal, configure the basic failover working parameters of the secondary node.

Failover

Failover lan unit secondary

Failover lan interface fo-lan GigabitEthernet2

Failover interface ip fo-lan 172.16.0.1 255.255.255.0 standby 172.16.0.2

6. Wait for configuration synchronization. When the failover status of the secondary node is normal and the preempt threshold is reached, the secondary node will take over group 2.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.