Mar
25
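6509 FWSM Failover A/S Mode (Firewall Module)
This is a failover configuration for the firewall module that I did a while ago. Not many features are configured; it is provided for your reference!
Topology: Outside--VLAN 50, Inside--VLAN 49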
6509-A---------------6509-B
  |                     |
  |                     |
6509-C---------------6509-D
  |                     |
  |                     |---Outside VLAN 50
  |                     |
 FWSM                 FWSM
  |                     |--Inside VLAN 49
Server               Server
Primary firewall configuration:
Show module
configure terminal
firewall module 2 vlan-group 1
firewall vlan-group 1 49,50,51
firewall autostate
exit
session slot 2 proc 1
enable
configure terminal
interface Vlan49
nameif inside
security-level 100
ip address 10.252.49.254 255.255.255.0 standby 10.252.49.253
no shutdown
exit
interface Vlan50
nameif outside
security-level 0
ip address 10.252.50.1 255.255.255.0 standby 10.252.50.2
no shutdown
interface Vlan51
description LAN/STATE Failover Interface
no shutdown
failover lan unit primary
failover lan interface failover Vlan51
failover link failover Vlan51
failover interface ip failover 192.168.100.1 255.255.255.252 standby 192.168.100.2
failover
icmp permit any inside
icmp permit any outside
route outside 0.0.0.0 0.0.0.0 10.252.50.254
access-list outside-to-inside permit ip 10.0.0.0 255.0.0.0 10.252.50.0 255.255.255.0
access-list outside-to-inside permit ip 172.16.0.0 255.255.0.0 10.252.50.0 255.255.255.0
access-list outside-to-inside permit icmp any any
access-group outside-to-inside in interface outside
access-list inside-to-outside permit ip any any
access-list inside-to-outside permit icmp any any
access-group inside-to-outside in interface inside
monitor-interface inside
monitor-interface outside
Standby firewall configuration:
Show module
configure terminal
firewall module 2 vlan-group 1
firewall vlan-group 1 49,50,51
firewall autostate
exit
session slot 2 proc 1
enable
configure terminal
interface Vlan51
description LAN/STATE Failover Interface
no shutdown
failover lan unit secondary
failover lan interface failover Vlan51
failover link failover Vlan51
failover interface ip failover 192.168.100.1 255.255.255.252 standby 192.168.100.2
failover
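Added example (not part of the original post): a small Python check that compares the failover stanzas of the two units configured above and reports a pair that would not come up as active/standby, for instance when the bare failover command is missing or misspelled on one unit. The function names and the two secondary samples are constructed for illustration.

```python
import ipaddress
import re

# Failover stanza as given in the primary configuration on this page.
PRIMARY = """
failover lan unit primary
failover lan interface failover Vlan51
failover link failover Vlan51
failover interface ip failover 192.168.100.1 255.255.255.252 standby 192.168.100.2
failover
"""
# Constructed samples: a correct secondary, and one whose enable line is misspelled.
SECONDARY_OK = PRIMARY.replace("unit primary", "unit secondary")
SECONDARY_TYPO = SECONDARY_OK.replace("\nfailover\n", "\nfaiover\n")
SHARED = ("failover lan interface ", "failover link ", "failover interface ip ")

def parse(cfg):
    """Extract the failover-relevant settings from one unit's configuration."""
    lines = [re.sub(r"\s+", " ", l.strip()) for l in cfg.splitlines() if l.strip()]
    unit = [l.split()[-1] for l in lines if l.startswith("failover lan unit ")]
    return {
        "unit": unit[0] if unit else None,
        "enabled": "failover" in lines,  # the bare command is what turns failover on
        "shared": sorted(l for l in lines if l.startswith(SHARED)),
    }

def check_pair(primary_cfg, secondary_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if (p["unit"], s["unit"]) != ("primary", "secondary"):
        findings.append(f"unit roles are {p['unit']}/{s['unit']}, expected primary/secondary")
    for name, unit in (("primary", p), ("secondary", s)):
        if not unit["enabled"]:
            findings.append(f"failover is not enabled on the {name} unit")
    if p["shared"] != s["shared"]:
        findings.append("failover interface/link/ip lines differ between units")
    for line in p["shared"]:
        m = re.match(r"failover interface ip \S+ (\S+) (\S+) standby (\S+)$", line)
        if m:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            standby = ipaddress.ip_address(m[3])
            if standby not in net or standby == ipaddress.ip_address(m[1]):
                findings.append(f"standby address {standby} is not a distinct host in {net}")
    return findings

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY_OK))
    print(check_pair(PRIMARY, SECONDARY_TYPO))
```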
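Author: Tony Liu (admin#myccie.net)
URL: http://myccie.net/read.php?125
All rights reserved. When reposting, you must credit the author, the original source and this notice in the form of a link!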
Great article!!!!