Scribd
Upload
12 views3 pages

ASA - Lab 3-Cau Hinh Active-Standby

The document outlines the configuration steps for setting up a high availability (HA) firewall system using Active/Standby mode on ASA devices. It includes basic configurations for IP addresses, DHCP, ASDM, routing, and failover settings, as well as monitoring interfaces. The document also describes testing the HA functionality by simulating failover scenarios.

Uploaded by

quanhip707
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views3 pages

ASA - Lab 3-Cau Hinh Active-Standby

The document outlines the configuration steps for setting up a high availability (HA) firewall system using Active/Standby mode on ASA devices. It includes basic configurations for IP addresses, DHCP, ASDM, routing, and failover settings, as well as monitoring interfaces. The document also describes testing the HA functionality by simulating failover scenarios.

Uploaded by

quanhip707
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

chuongnh@bkacad.

com BKACAD
(CCAI)

ASA-Lab 3-Cấu hình firewall sẵn sàng cao : Active/Standby

Device Ip address Interface name/Security level Device Ip address


ASA-E0/0 10.0.0.1 FOLINK
ASA-E0/1 192.168.1.1 inside/100
ASA-E0/2 200.1.1.1 outside/100

1. Cấu hình cơ bản cho ASA (IP, ASDM, routing)


2. Cấu hình HA (Active/Standby), dung G0/0 là Failover Link.

ANSWER :

Chưa được kết nối cổng G0/0 giữa hai firewall.

Bước 1 : Cấu hình cơ bản

ASA-1-ACTIVE(config)# int g0/1


ASA-1-ACTIVE(config)# nameif inside
ASA-1-ACTIVE(config)# security-level 100
ASA-1-ACTIVE(config)# ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
ASA-1-ACTIVE(config)# int g0/2
[email protected] BKACAD
(CCAI)

ASA-1-ACTIVE(config)# nameif outside


ASA-1-ACTIVE(config)# security-level 0
ASA-1-ACTIVE(config)# ip address 200.1.1.1 255.255.255.0 standby 200.1.1.2

ASA-1-ACTIVE(config)# interface GigabitEthernet0/0


ASA-1-ACTIVE(config)# no shut

Cấu hình DHCP, Cấu hình ASDM :

ASA-1-ACTIVE(config)# dhcpd address 192.168.1.10-192.168.1.100 inside


ASA-1-ACTIVE(config)# dhcpd enable inside
!
ASA-1-ACTIVE(config)# http server enable
ASA-1-ACTIVE(config)# http 192.168.1.0 255.255.255.0 inside
ASA-1-ACTIVE(config)# username admin password cisco privilege 15
ASA-1-ACTIVE(config)# aaa authentication http console LOCAL

Cấu hình định tuyến :

ASA-1-ACTIVE(config)# route outside 0.0.0.0 0.0.0.0 200.1.1.3

Bước 2 : Cấu hình FAILOVER

ASA-1-ACTIVE(config)# failover lan unit primary


ASA-1-ACTIVE(config)# failover lan interface FOLINK GigabitEthernet0/0
ASA-1-ACTIVE(config)# failover link FOLINK GigabitEthernet0/0
ASA-1-ACTIVE(config)# failover interface ip FOLINK 10.0.0.1 255.255.255.252 standby 10.0.0.2
ASA-1-ACTIVE(config)# failover

Cấu hình theo dõi interface :


ASA-1-ACTIVE(config)# monitor-interface inside
ASA-1-ACTIVE(config)# monitor-interface outside

Bước 3 : Cấu hình cho FIREWALL BACK UP

ASA-1-ACTIVE(config)# interface GigabitEthernet0/0


ASA-1-ACTIVE(config)# no shut
ASA-1-ACTIVE(config)# failover lan unit secondary
ASA-1-ACTIVE(config)# failover lan interface FOLINK GigabitEthernet0/0
ASA-1-ACTIVE(config)# failover link FOLINK GigabitEthernet0/0
ASA-1-ACTIVE(config)# failover interface ip FOLINK 10.0.0.1 255.255.255.252 standby 10.0.0.2
ASA-1-ACTIVE(config)# failover
[email protected] BKACAD
(CCAI)

Test hoạt động của HA :

Tháo cổng G0/2 trên con Primary. Theo dõi con Backup :

ASA-1-ACTIVE# Waiting for the earlier webvpn instance to terminate...


Previous instance shut down. Starting a new one.

Switching to Active
Đấu lại cổng G0/2, tháo cổng G0/1 trên con Primary :

ASA-1-ACTIVE(config)# Waiting for the earlier webvpn instance to terminate...


Previous instance shut down. Starting a new one.

Switching to Standby

Cấu hình qua giao diện ASDM :

You might also like