The Cisco ASAv virtual appliance version 9.5(2) was used in this configuration, refer to the previous post on how to configure ASAv in GNS3.Īctive/Standby Failover Configuration ExampleĬonfigure the INSIDE and OUTSIDE interfaces with the Active and Standby IP address The purpose of this blog post is to document the steps to configure the Cisco ASA firewalls in Active/Standby Failover mode. All information sent over the failover/stateful failover links is sent in clear text, to encrypt this information use a failover key (recommended) – VPN pre-shared keys etc would be transmitted over this link, so secure the communication.You could share a regular data interface but NOT recommended.Can used dedicated interface for state or share the Failover Link interface.Stateful Failover Link – Is optional if state information is required to be synchronised between appliances. Configuration replication and synchronisation.The following information is communicated over the Failover Link The failover link can be any spare interface on the ASA. Stateful failover can also be configured this replicates the firewall state information to the standby appliance.įailover Link – the 2 appliances communicate with each other over a failover link. The ASA appliances are connected to each other through a dedicated failover link, this can be any spare interface not currently used. The Cisco ASA supports 2 failover configurations Active/Active (both appliances pass traffic) and Active/Standby (only the active appliance passes traffic, whilst the other appliance is waiting for failure/failover to occur). Identical Cisco ASA firewalls (same hardware, model, interfaces and RAM etc) can be configured for failover, thus allowing for uninterrupted network connectivity. Interface IP-Address OK? Method Status ProtocolįastEthernet0/0 10.1.1.This post describes how to configure ASA Active/Standby failover. ![]() *Mar 1 00:03:42.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up Let’s look at the interfaces of R1:Įnter configuration commands, one per line. Since these are IOS images, they will act like real routers, as you’ll see.Īfter R1 loads up, we’ll already be at the enable prompt, due to the configuration files GNS3 includes (they also configure “logging sync” and “exec-time 0 0” on line con 0 for us, and let us bypass that initial configuration dialog). This powers on all devices in the Workspace, as well as launches Solar-Putty and creates tabs for each device: Click the Interface Names icon (this is optional), to display the interfaces on each device, that have been connected together.īelow, the green Start button (marked #1) and the Console button (marked #2) have been selected.Left click FastEthernet0/0 of R1, and connect it to FastEthernet0/0 of R2.In this example we’ll use FastEthernet0/0 of each router to connect them together: Click on a device in your topology to display available interfaces.The mouse cursor will change to indicate that links can be added: Click the Add a Link button to start adding links to your topology. ![]() Click the Toolbar Device button again (or the X in the corner of it) to collapse the group:.Drag and drop the node again into the GNS3 Workspace, which will result in routers R1 and R2 appearing in both the Workspace, and the Topology Summary:. ![]() In this example a router is now available: An instance of the node becomes available in the Workspace.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |