B-22
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix B Sample Configurations
Example 9: LAN-Based Active/Active Failover (Routed Mode)
password mypassword
interface Ethernet0
nameif outside
ip address 209.165.201.1 255.255.255.224 standby 209.165.201.2
no shutdown
interface Ethernet1
nameif inside
ip address 192.168.2.1 255.255.255.0 standby 192.168.2.2
no shutdown
interface Ethernet2
description LAN Failover Interface
no shutdown
interface ethernet3
description STATE Failover Interface
telnet 192.168.2.45 255.255.255.255 inside
access-list acl_out permit tcp any host 209.165.201.5 eq 80
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
! The failover lan enable command is required on the PIX security appliance only.
failover polltime unit msec 200 holdtime msec 800
failover key key1
failover link state Ethernet3
failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2
global (outside) 1 209.165.201.3 netmask 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 209.165.201.5 192.168.2.5 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 209.165.201.4 1
Example 8: Secondary Unit Configuration
failover
failover lan unit secondary
failover lan interface failover ethernet2
failover lan enable
failover key key1
failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
Example 9: LAN-Based Active/Active Failover (Routed Mode)
The following example shows how to configure Active/Active failover. In this example there are 2 user
contexts, named admin and ctx1. Figure B-8 shows the network diagram for the example.
To Next Page
Loading...
Need help?
General