ASA basic | fail-over

3 juni 2015 Winfred

Controle context mode:

ASA-lab# sh mode
Security context mode: multiple

Verwijderen call-home config

ASA-lab(config)# clear config call-home
ASA-lab(config)# no service call-home

Aanmaken Admin context:

ASA-lab(config)# admin-context admin
Creating context 'admin'... Done. (1)

Aanmaken interfaces:

interface GigabitEthernet0/0
 channel-group 1 mode active
 speed 1000
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 speed 1000
!
interface GigabitEthernet0/2
 description FailOver HA
 speed 1000
!
interface GigabitEthernet0/3
 description FailOver FT
 speed 1000
!
interface Port-channel1
!
interface Port-channel1.300
 description ASA-Lab HA
 vlan 300
!
interface Port-channel1.301
 description ASA-Lab FT
 vlan 301
!
interface Port-channel1.302
 description ASA-Lab Admin
 vlan 302

Instellen Admin context:

ASA-lab(config)# context admin
ASA-lab(config-ctx)# description Admin-context
ASA-lab(config-ctx)# config-url disk0:/admin-beheer.cfg

WARNING: Could not fetch the URL disk0:/admin-beheer.cfg
INFO: Creating context with default config
INFO: Admin context will take some time to come up .... please wait.

ASA-lab(config-ctx)# allocate-interface interface Port-channel1.302 Beheer

Instellen FO:

interface Redundant1
 member-interface GigabitEthernet0/2

Primary UNIT:

failover 
failover lan unit primary
failover lan interface LAN Redundant1
failover key wachtwoord
failover replication http
failover link LAN Redundant1
failover interface ip LAN 169.254.255.1 255.255.255.252 standby 169.254.255.2
failover group 1
 replication http
 
Secondary UNIT:
 
failover 
failover lan unit secondary
failover lan interface LAN Redundant1
failover key wachtwoord
failover replication http 
failover link LAN Redundant1 
failover interface ip LAN 169.254.255.1 255.255.255.252 standby 169.254.255.2 
failover group 1 
 replication http

Instellen admin context:

ASA-lab# changeto context admin

interface Beheer
 nameif Beheer
 security-level 100
 ip address 192.0.2.1 255.255.255.248 standby 192.0.2.2
!
http server enable
http 192.0.2.0 255.255.255.0 Beheer
!
user-identity default-domain LOCAL
aaa authentication enable console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication secure-http-client

Cisco, Security