PIX Failover Lab: A Detailed Walkthrough

Source: original to this site. Category: CISCO

I. Lab equipment

1. Two PIX515E-UR units, software version 6.3
2. Two switches

II. Topology

http://img.bimg.126.net/photo/M9EwmB8NWoZlvQDSc4n1ng==/358599120330157496.jpg

III. Configuration
Part of the configuration is omitted:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outs security0
nameif ethernet1 inside security100
ip address outs 192.168.18.201 255.255.255.0
ip address inside 1.1.1.1 255.255.255.0
failover
failover ip address outs 192.168.18.202
failover ip address inside 1.1.1.2
failover link inside
global (outs) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outs 0.0.0.0 0.0.0.0 192.168.18.1 1
telnet 0.0.0.0 0.0.0.0 inside
Output of sho failover, taken on the secondary PIX:
Initially the primary PIX is in the active state and the secondary PIX is in the standby state.
pixfirewall# sho fail
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 00:49:39 UTC Fri Jan 1 1993
This host: Secondary – Standby
Active time: 0 (sec)
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Normal
Other host: Primary – Active
Active time: 1845 (sec)
Interface outs (192.168.18.201): Normal
Interface inside (1.1.1.1): Normal
Stateful Failover Logical Update Statistics
Link : inside
Stateful Obj xmit xerr rcv rerr
General 117 0 137 0
sys cmd 117 0 117 0
up time 0 0 0 0
xlate 0 0 4 0
tcp conn 0 0 16 0
udp conn 0 0 0 0
ARP tbl 0 0 0 0
RIP Tbl 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 1 133
Xmit Q: 0 1 117
After a little more than 15 seconds, the state switches over!
Now the primary PIX is in the standby state and the secondary PIX is in the active state.
pixfirewall# sho fail
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 01:32:20 UTC Fri Jan 1 1993
This host: Secondary – Active
Active time: 15 (sec)
Interface outs (192.168.18.201): Normal (Waiting)
Interface inside (1.1.1.1): Normal (Waiting)
Other host: Primary – Standby
Active time: 2580 (sec)
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Link Down (Waiting)
Stateful Failover Logical Update Statistics
Link : inside
Stateful Obj xmit xerr rcv rerr
General 212 0 230 0
sys cmd 212 0 210 0
up time 0 0 0 0
xlate 0 0 4 0
tcp conn 0 0 16 0
udp conn 0 0 0 0
ARP tbl 0 0 0 0
RIP Tbl 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 1 226
Xmit Q: 0 1 212
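Notes:
1. At the application layer, the switchover is almost imperceptible in the IE browser.
2. Lab reference: the "Using PIX Firewall Failover" section of the Cisco PIX Firewall and VPN Configuration Guide, Version 6.3.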
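
To compare the two sho fail captures above programmatically, the following added example (not part of the original article) parses the host and interface lines and reports role changes and any interface whose status is not plain Normal. The function names parse_failover and failover_events are hypothetical, and the sample text is abridged from the two captures on this page.

```python
import re

# Abridged from the two "sho fail" captures above; the parser accepts "-" or an en dash.
BEFORE = """\
This host: Secondary - Standby
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Normal
Other host: Primary - Active
Interface outs (192.168.18.201): Normal
Interface inside (1.1.1.1): Normal
"""
AFTER = """\
This host: Secondary - Active
Interface outs (192.168.18.201): Normal (Waiting)
Interface inside (1.1.1.1): Normal (Waiting)
Other host: Primary - Standby
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Link Down (Waiting)
"""

HOST = re.compile(r"^(This|Other) host:\s*(\w+)\s*[-\u2013]\s*(\w+)")
IFACE = re.compile(r"^Interface (\S+) \(([\d.]+)\):\s*(.+?)\s*$")

def parse_failover(text):
    """Return {'This': {...}, 'Other': {...}} with role, state and interfaces."""
    units, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST.match(line):
            cur = units.setdefault(m[1], {"role": m[2], "state": m[3], "ifaces": {}})
        elif cur is not None and (m := IFACE.match(line)):
            cur["ifaces"][m[1]] = {"ip": m[2], "status": m[3]}
    return units

def failover_events(before, after):
    """List role changes and interfaces whose status is not plain 'Normal'."""
    events = []
    for who in ("This", "Other"):
        b, a = before[who], after[who]
        if b["state"] != a["state"]:
            events.append(f"{a['role']}: {b['state']} -> {a['state']}")
        for name, i in a["ifaces"].items():
            if i["status"] != "Normal":
                events.append(f"{a['role']} {name} {i['ip']}: {i['status']}")
    return events

if __name__ == "__main__":
    for e in failover_events(parse_failover(BEFORE), parse_failover(AFTER)):
        print(e)
```

The parsed result also shows the address swap visible in the captures: after the switchover the secondary unit holds 192.168.18.201 and 1.1.1.1, the addresses the primary held while active.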

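Article from: CCIE那点事 http://www.jdccie.com/. All rights reserved. Unless a source is noted, articles on this site are the author's original work and may be quoted freely with attribution. Reposting in full is prohibited.
Permalink: http://www.jdccie.com/?p=326. When reposting, please credit CCIE那点事.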