6509 FWSM Failover A/S模式（防火墙模块）

黑客攻击类工具讲解-Ha

Intrusion De

Mar 25

Tony , 21:52 , 思科技术 » 网络安全 , 评论(4) , 引用(0) , 阅读(2488) , Via 本站原创

大 | 中 | 小

前阶段做的防火墙模块的Failover配置，没有配置太多功能，供大家参考！
拓扑结构：Outside--VLAN 50 ,Inside--VLAN 49
6509-A---------------6509-B
  |                    |
  |                    |
6509-C---------------6509-D
  |                    |
  |                    |---Outside VLAN 50
  |                    |
FWSM                 FWSM
  |                    |--Inside VLAN 49
Server               Server

主防火墙配置：

Show module
configure terminal
firewall module 2 vlan-group 1
firewall vlan-group 1 49,50,51
firewall autostate
exit
session slot 2 proc 1
       enable
       configure terminal
interface Vlan49
nameif inside
security-level 100
ip address 10.252.49.254 255.255.255.0 standby 10.252.49.253
no shutdown
exit
interface Vlan50
nameif outside
security-level 0
ip address 10.252.50.1 255.255.255.0 standby 10.252.50.2
no shutdown
interface Vlan51
  description LAN/STATE Failover Interface
no shutdown

failover lan unit primary
failover lan interface failover Vlan51
failover link failover Vlan51
failover interface ip failover 192.168.100.1 255.255.255.252 standby 192.168.100.2
failover

icmp permit any inside
icmp permit any outside

route  outside  0.0.0.0  0.0.0.0  10.252.50.254

access-list outside-to-inside permit ip 10.0.0.0 255.0.0.0 10.252.50.0 255.255.255.0
access-list outside-to-inside permit ip 172.16.0.0 255.255.0.0 10.252.50.0 255.255.255.0
access-list outside-to-inside permit icmp any any

access-group outside-to-inside in interface outside

access-list inside-to-outside permit ip any any
access-list inside-to-outside permit icmp any any
access-group inside-to-outside in interface inside

monitor-interface inside
monitor-interface outside

备墙配置

Show module
configure terminal
firewall module 2 vlan-group 1
firewall vlan-group 1 49,50,51
firewall autostate
session slot 2 proc 1

interface Vlan51
   description LAN/STATE Failover Interface
no shutdown
failover lan unit secondary
failover lan interface failover Vlan51
failover link failover Vlan51
failover interface ip failover 192.168.100.1 255.255.255.252 standby 192.168.100.2
faiover

作者：Tony Liu(admin#myccie.net)
地址：http://myccie.net/read.php?125
版权所有。转载时必须链接形式注明作者和原始出处及本声明！

2009/04/02 08:39 Tony

谢谢，依然烂然！你的论坛做的不错嘛！

2009/04/01 20:31 依然烂然

支持支持涛哥

好文章！！！！

2009/03/26 09:58 Tony

Failover切换时间是可以调的，可以调到ms级别！

2009/03/26 08:25 闻池御

Failover 恢复的速度相当慢。。不过还是看看吧。

分页： 1/1

< 2010 > < 9 >
日	一	二	三	四	五	六
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

MyCCIE.NET

6509 FWSM Failover A/S模式（防火墙模块）

个人宣言

About Me

分类

日历

最新日志

随机日志

综合点击排行

最新评论

评论排行

赞助广告

最新留言

统计

链接

归档

其他