Cisco ASA firewall Active/Standby failover（cisco交换机）

Cisco ASA firewall Active/Standby failover（cisco交换机）

In this article, I will briefly explain the active/standby failover configuration on the cisco ASA. The lab is done in GNS3.

ciscoasa/stby/sec# sh conn9 in use, 9 most used

TCP outside 150.1.115.100:23 inside 10.1.1.100:32526, idle 0:00:18, bytes 147, flags UIO ciscoasa/stby/sec#

ciscoasa/stby/sec# sh conn9 in use, 9 most used

TCP outside 150.1.115.100:23 inside 10.1.1.100:32526, idle 0:00:18, bytes 147, flags UIO ciscoasa/stby/sec#

ciscoasa/act/pri# sh failover interface interface Failover_Stateless GigabitEthernet0/2System IP Address: 169.254.0.15 255.255.255.0My IP Address : 169.254.0.15Other IP Address : 169.254.0.16interface Failover_Stateful GigabitEthernet0/1System IP Address: 169.254.1.15 255.255.255.0My IP Address : 169.254.1.15Other IP Address : 169.254.1.16

ciscoasa/act/pri# sh failover

Failover On Failover unit PrimaryFailover LAN Interface: Failover_Stateless GigabitEthernet0/2 (up)Reconnect timeout 0:00:00Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 5 seconds, holdtime 25 secondsInterface Policy 1Monitored Interfaces 3 of 36 maximumMAC Address Move Notification Interval not setVersion: Ours 9.6(2), Mate 9.6(2)Serial Number: Ours 9A9PLK9VKN2, Mate 9A8UNB99VESLast Failover at: 11:59:50 UTC Jun 2 2018This host: Primary - Active Active time: 1082 (sec)slot 0: emptyInterface management (172.16.212.96): Normal (Waiting)Interface inside (10.1.1.1): Normal (Monitored)Interface outside (150.1.115.1): Normal (Monitored)Other host: Secondary - Standby Ready Active time: 137 (sec)Interface management (0.0.0.0): Normal (Waiting)Interface inside (10.1.1.2): Normal (Monitored)Interface outside (150.1.115.2): Normal (Monitored)

Interesting Log:

This is from primary: ciscoasa(config)# failoverciscoasa(config)# %ASA-1-105002: (Primary) Enabling failover..

No Active mate detected

Beginning configuration replication: Sending to mate.%ASA-1-709003: (Primary) Beginning configuration replication: Send to mate.End Configuration Replication to mate%ASA-1-709004: (Primary) End Configuration Replication (ACT)

This is from Secondary:Detected an Active mateBeginning configuration replication from mate.%ASA-1-709005: (Secondary) Beginning configuration replication: Receiving from mate.WARNING: Disabling auto import may affect Smart LicensingCreating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.WARNING: Failover is enabled but standby IP address is not configured for this interface.WARNING: Failover is enabled but standby IP address is not configured for this interface.

WARNING: Failover is enabled but standby IP address is not configured for this interface.WARNING: Trustpoint _SmartCallHome_ServerCA is already authenticated.End configuration replication from mate.

ciscoasa(config)# %ASA-4-405003: IP address collision detected between host 169.254.0.15 at 5260.89c0.6003 and interface Failover_Stateless, 5260.89e7.4903

ciscoasa/act/pri# sh arpinside 10.1.1.100 aabb.cc00.0200 2408outside 150.1.115.100 aabb.cc00.0300 1761Failover_Stateless 169.254.0.16 5260.89c0.6003 1248Failover_Stateful 169.254.1.16 5260.89c0.6002 2030

ciscoasa/stby/sec# sh arpinside 10.1.1.100 aabb.cc00.0200 2069Failover_Stateless 169.254.0.15 5260.89e7.4903 1289outside 150.1.115.100 aabb.cc00.0300 1802Failover_Stateful 169.254.1.15 5260.89e7.4902 207

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。