A/A mode HA

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--


Key points:

1. A/A failover uses multiple context mode to make different virtual firewalls (contexts) active on different physical devices, so that both devices are active at the same time (dual active).

2. The configuration is mainly done on the primary node; the secondary node synchronizes the configuration from the primary node, including the system and context configurations.

3. The secondary node's configuration tasks only include: enabling multiple mode, enabling the physical interfaces, and the basic failover configuration (enable failover, designate the unit as secondary, specify and name the failover LAN interface, and set the failover LAN interface IP).

Configuration steps

1. Preparation:

Enable multiple mode on both the primary node and the secondary node.

Enable the necessary physical interfaces.

2. Configure failover on the primary node

    ciscoasa(config)# sh run failover
    no failover
    failover lan unit primary
    failover lan interface fo-lan GigabitEthernet2
    failover interface ip fo-lan 192.168.0.1 255.255.255.0 standby 192.168.0.2
    failover group 1
      preempt 60
    failover group 2
      secondary
      preempt 60

Finally, enable failover

3. Create virtual firewalls (contexts) v1 and v2 on the primary node and assign each one to a failover group.

Primary unit:

    ciscoasa(config)# sh run context
    admin-context admin
    context admin
      config-url disk0:/admin.cfg
    !
    context v1
      allocate-interface GigabitEthernet0 ifinside
      allocate-interface GigabitEthernet1 ifoutside
      config-url disk0:/v1.cfg
      join-failover-group 1
    !
    context v2
      allocate-interface GigabitEthernet3 ifinside
      allocate-interface GigabitEthernet4 ifoutside
      config-url disk0:/v2.cfg
      join-failover-group 2
    !

4. General configuration of the virtual firewalls

Configure only the primary node. Once failover is enabled, the secondary node copies the configuration.

    changeto context v1
    sh run
    interface ifinside
      nameif inside
      security-level 100
      ip address 20.0.1.1 255.255.255.0
    !
    interface ifoutside
      nameif outside
      security-level 0
      ip address 5.5.5.5 255.255.255.0
    !
    changeto context v2
    interface ifinside
      nameif inside
      security-level 100
      ip address 30.0.1.1 255.255.255.0
    !
    interface ifoutside
      nameif outside
      security-level 0
      ip address 6.6.6.6 255.255.255.0
    !

5. After confirming that the failover status of the primary node is normal, configure the basic failover parameters on the secondary node.

    failover
    failover lan unit secondary
    failover lan interface fo-lan GigabitEthernet2
    failover interface ip fo-lan 172.16.0.1 255.255.255.0 standby 172.16.0.2

6. Wait for configuration synchronization. Once the failover status of the secondary node is normal and the preempt delay is reached, the secondary node takes over group 2.
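The failover link settings on the secondary unit have to agree with those on the primary: on ASA the failover interface ip line is entered identically on both units, yet the snippets in steps 2 and 5 use different subnets (192.168.0.0/24 and 172.16.0.0/24). The following Python check is an added example, not part of the original article; it compares the failover link lines of two units before failover is enabled. The function names and the embedded sample text (copied from steps 2 and 5 with spacing normalised) are assumptions of this example, as is the use of the same physical failover interface on both units.

```python
import ipaddress
import re

# Failover link lines as shown in steps 2 and 5 of this page (spacing normalised).
PRIMARY = """\
failover lan unit primary
failover lan interface fo-lan GigabitEthernet2
failover interface ip fo-lan 192.168.0.1 255.255.255.0 standby 192.168.0.2
"""
SECONDARY = """\
failover
failover lan unit secondary
failover lan interface fo-lan GigabitEthernet2
failover interface ip fo-lan 172.16.0.1 255.255.255.0 standby 172.16.0.2
"""

def parse(cfg):
    """Extract the failover link settings from one unit's configuration text."""
    out = {}
    for line in cfg.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"failover lan unit (primary|secondary)", line):
            out["unit"] = m[1]
        elif m := re.fullmatch(r"failover lan interface (\S+) (\S+)", line):
            out["link"] = (m[1], m[2])
        elif m := re.fullmatch(r"failover interface ip (\S+) (\S+) (\S+) standby (\S+)", line):
            out["ip"] = m.groups()
    return out

def check_pair(primary_cfg, secondary_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if (p.get("unit"), s.get("unit")) != ("primary", "secondary"):
        findings.append("unit roles must be primary on one unit and secondary on the other")
    if p.get("link") != s.get("link"):
        findings.append(f"failover link differs: {p.get('link')} vs {s.get('link')}")
    if p.get("ip") != s.get("ip"):
        findings.append(f"failover interface ip differs: {p.get('ip')} vs {s.get('ip')}")
    for name, cfg in (("primary", p), ("secondary", s)):
        if "ip" in cfg:
            _, active, mask, standby = cfg["ip"]
            net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
            if ipaddress.ip_address(standby) not in net:
                findings.append(f"{name}: standby {standby} is outside {net}")
    return findings

if __name__ == "__main__":
    for finding in check_pair(PRIMARY, SECONDARY):
        print("FINDING:", finding)
```

Run against the two snippets from this page, the check reports the mismatched failover interface ip lines; with the same addressing on both units it returns no findings.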

Attachment: http://down.51cto.com/data/2364474
