Netemu 虚拟化先锋 's Archiver

i521you 发表于 2008-8-23 11:35

使用模拟器模拟PIX做虚拟防火墙failover

[img]http://blog.51cto.com/attachment/200808/200808231219460855406.jpg[/img]
[b]Primary Unit Configuration[/b]
PIX Version 8.0(2) <system>
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
mac-address auto
!
interface Ethernet0
!
interface Ethernet1
!
interface Ethernet2
description LAN/STATE Failover Interface
!
interface Ethernet3
!
interface Ethernet4
!
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
failover link failover Ethernet2
failover interface ip failover 11.11.11.11 255.255.255.0 standby 11.11.11.22
failover group 1
  preempt
failover group 2
  secondary
  preempt
admin-context admin
context admin
  allocate-interface Ethernet0
  allocate-interface Ethernet3
  config-url flash:/admin.cfg
  join-failover-group 1
!            
context test
  allocate-interface Ethernet1
  allocate-interface Ethernet4
  config-url flash:/test.cfg
  join-failover-group 2
!
[b]Primary Unit Context admin Configuration[/b]
PIX Version 8.0(2) <context>
!
hostname admin
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
!
interface Ethernet3
nameif inside
security-level 100
ip address 3.3.3.1 255.255.255.0 standby 3.3.3.2
!
monitor-interface outside
monitor-interface inside
route outside 0 0 1.1.1.254

[b]Primary Unit Context Test Configuration[/b]
PIX Version 8.0(2) <context>
!
hostname test
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 2.2.2.1 255.255.255.0 standby 2.2.2.2
!
interface Ethernet3
nameif inside
security-level 100
ip address 4.4.4.1 255.255.255.0 standby 4.4.4.2
!
monitor-interface outside
monitor-interface inside
route outside 0 0 2.2.2.254

[b]Secondary Unit Configuration[/b]
failover
failover lan unit secondary
failover lan interface failover Ethernet2
failover lan enable
failover interface ip failover 11.11.11.11 255.255.255.0 standby 11.11.11.22

simon 发表于 2008-8-23 13:27

经典的拓扑,太惊艳了

i521you 发表于 2008-8-23 17:43

哈哈,随手画的

kanghestef 发表于 2009-8-31 15:02

看看            y133

cn78 发表于 2010-9-4 06:54

太惊艳了!!!!

布凡 发表于 2011-4-11 23:40

学习..小弟感觉有矛盾

babylong 发表于 2011-7-1 09:01

不错,支持一下,昨天也做了几个实验,发现配置相同单模ASA还是PIX模拟器都可以做failover
但是多模,PIX做failover没问题,ASA做failover外网无法ping通ASA,很郁闷。(路由或者透明都不行。)

addy 发表于 2011-7-23 21:36

failover都可以,牛啊!!!

页: [1]

Powered by Discuz! Archiver 7.0.0  © 2001-2009 Comsenz Inc.