![]() ![]() This Cisco ASA training course addresses all the objectives for exam 642-618 (Firewall v2), which is part of the Cisco Firewall Specialist, ASA Specialist and CCNP Security certifications. By the time you finish this Cisco ASA training, you'll be able to return to your network with confidence in the care and feeding of the ASA. In this "soup-to-dessert" Cisco ASA training course, trainer Keith Barker walks you through the entire process of implementing the ASA on the network, beginning with bootstrapping the ASA so that it will allow basic management, all the way to configuring advanced features such as the new Network Address Translation (NAT, which changed between versions 8.2 and 8.3), redundant interfaces, etherchannel, transparent L2 firewall services, multiple-contexts (virtual firewalls), application layer inspection, failover for high availability (HA), and more. Prompt hostname priority stateAfter configuring the prompt, the prompt on ASA devices will look like this:ĪSA1/pri/act# ASA1/sec/stby#Note that the default hostname will be the same for both active and standby units, due to the configuration being replicated.Firewalls have come a long way over the years, and the Cisco Adaptive Security Appliance (ASA) firewall has as well. Change the prompt to show Primary or Secondary and Active or Standby.Optionally, also replicate the HTTP sessions.Optional Configuration The above configuration is enough to run failover on ASA devices, but you could additionally configure some optional parameters for extra features. ![]() On the standby unit, we just need to do the following configuration, and the rest will be automatically replicated from the Active device. ![]() ! Tell this ASA that it's title will be "PRIMARY" ![]() Note that the word 'link' is the clue to identify this as the stateful connectionįailover interface ip LINK_FAIL 10.2.2.1 255.255.255.252 standby 10.2.2.2 ! Tell the ASA that G4 will be named "LINK_FAIL" and assign the IP address for active ! Use the failover command to assign "LAN_FAIL" the activeįailover interface ip LAN_FAIL 10.1.1.1 255.255.255.252 standby 10.1.1.2 ! to replicate the configuration between ASA1 and ASA2įailover lan interface LAN_FAIL GigabitEthernet3 ! Tell the ASA that G3 will be named "LAN_FAIL" and that it will be used ! the standby address that will be used by the unit in standby mode ! Apply the IP address along with the keword "standby" and ! Bring up the interfaces that will be used for lan failover (G3) and state failover (G4) In this document we will be using the Cisco ASA with image of version 8.4(x) and topology as described in the below image. Now let's dive in to the configuration of Active-Standby Failover.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |