Scribd
Upload
140 views5 pages

Active Standby Failover Configuration

This document contains configuration files for an ASA firewall and a router set up for failover. The ASA has interfaces configured for inside, outside, and failover networks. It is configured as the primary unit in a failover pair with IP addresses for the failover and state links. The router connects the inside network to the ASA and default route and has interfaces for inside and the ASA.

Uploaded by

Hai Pham Van
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
140 views5 pages

Active Standby Failover Configuration

This document contains configuration files for an ASA firewall and a router set up for failover. The ASA has interfaces configured for inside, outside, and failover networks. It is configured as the primary unit in a failover pair with IP addresses for the failover and state links. The router connects the inside network to the ASA and default route and has interfaces for inside and the ASA.

Uploaded by

Hai Pham Van
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

ACTIVE / STANDBY FAILOVER CONFIGURATION

ASA CONFIGURATION
CERTVIDEOS/pri/act# show running-config
: Saved
:
ASA Version 8.4(2)
!
terminal width 300
hostname CERTVIDEOS
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0

nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0 standby 192.168.1.3
!
interface GigabitEthernet1
description LAN Failover Interface
!
interface GigabitEthernet2
description STATE Failover Interface
!
interface GigabitEthernet3
nameif outside
security-level 0
ip address 172.16.1.2 255.255.255.0 standby 172.16.1.3
!
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list inside-in extended permit ip any any
access-list outside-in extended permit ip any any
pager lines 24
mtu inside 1500
mtu outside 1500
failover
failover lan unit primary
failover lan interface FOLINK GigabitEthernet1
failover key *****
failover link SFLINK GigabitEthernet2
failover interface ip FOLINK 192.168.2.2 255.255.255.0 standby 192.168.2.3
failover interface ip SFLINK 192.168.3.2 255.255.255.0 standby 192.168.3.3
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group inside-in in interface inside
access-group outside-in in interface outside
route inside 10.1.1.0 255.255.255.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 10000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname priority state
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:bd192395403272e1f78f2c653a6c6723
: end
CERTVIDEOS/pri/act#

ROUTER CONFIGURATION
ROUTER#show running-config
Building configuration...
Current configuration : 811 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!

ip forward-protocol nd
ip route 172.16.0.0 255.255.0.0 192.168.1.2
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
ROUTER#

You might also like