配置PIX Failover-----配置实例

admin

Failover配置实例

网络拓朴如下图所示：


例1   Failover 配置
<div style="MARGIN-TOP: 0pt; FONT-WEIGHT: normal; FONT-SIZE: 9.5pt; MARGIN-BOTTOM: 0pt; TEXT-TRANSFORM: none; COLOR: #000000; TEXT-INDENT: 0pt; MARGIN-RIGHT: 0pt; FONT-STYLE: normal; FONT-FAMILY: Courier New, Courier, monoCourier  New, Courier,  mono; TEXT-ALIGN: left; FONT-VARIANT: normal; TEXT-DECORATION: none">nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 failover security10
nameif ethernet3 unused security20
enable password xxx encrypted
passwd xxx encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
pager lines 20
no logging timestamp
no logging standby
logging console errors
no logging monitor
no logging buffered
no logging trap
logging facility 20
logging queue 512
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet2 100full
interface ethernet3 10baset
mtu outside 1500
mtu inside 1500
mtu failover 1500
mtu unused 1500
ip address outside 209.165.201.1
255.255.255.224
ip address inside 192.168.2.1 255.255.255.0
ip address failover 192.168.254.1
255.255.255.0
ip address unused 192.168.253.1
255.255.255.252
failover
failover ip address outside 209.165.201.2
failover ip address inside 192.168.2.2
failover ip address failover 192.168.254.2
failover ip address unused 192.168.253.2
failover link failover
arp timeout 14400
global (outside) 1 209.165.201.3 netmask 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 209.165.201.5
192.168.2.5 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any 209.165.201.5 eq 80
access-list acl_out permit icmp any any
access-group acl_out in interface outside
access-list acl_ping permit icmp any any
access-group acl_ping in interface inside
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
no rip failover passive
no rip failover default
route outside 0 0 209.165.201.4 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00
udp 0:02:00 rpc 0:10:00 h323 0:05:00
sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet timeout 5
terminal width 80