思科防火墙Failover故障倒换实验

时间 2021-01-02

标签 ide 3d blog 配置 route 互联网防火墙栏目负载均衡繁體版

原文原文链接

实验要求：ide

一、根据拓扑为防火墙/内网主机/互联网设备配置IP地址3d

二、配置PIX1（防火墙）配置访问Internet基本配置blog

三、配置PIX2上配置状态化Failover-STANDBYip

四、配置PIX1上状态化Failover-ACTIVEci

实验步骤it

一、根据拓扑为防火墙/内网主机/互联网设备配置 IP 地址；配置

R1：route

ip route 0.0.0.0 0.0.0.0 192.168.1.254互联网

二、配置 PIX1 配置访问 INTERNET 基本配置；防火墙

PX1:

interface e1

no shutdown

nameif outside

security-level 0

ip address 100.1.1.254 255.255.255.0

interface e0

no shutdown

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

route outside 0.0.0.0 0.0.0.0 100.1.1.1

access-list NAT permit ip 192.168.1.0 255.255.255.0 any

nat (inside) 1 access-list NAT

global (outside) 1 interface

fixup protocol icmp

三、配置 PIX2 上配置状态化 Failover-STANDBY；

interface e2

no shutdown

interface e3

no shutdown

failover

failover lan enable

failover key cisco

failover lan unit secondary

failover lan interface Failover e2

failover interface ip Failover 10.1.12.1 255.255.255.0 standby 10.1.12.2

failover link sta-failover e3

failover interface ip sta-failover 10.2.12.1 255.255.255.0 standby 10.2.12.2

四、配置 PIX1 上状态化 Failover-ACTIVE。

interface e2

no shutdown

interface e3

no shutdown

failover

failover lan enable

failover key cisco

failover lan unit primary

failover lan interface Failover e2

failover interface ip Failover 10.1.12.1 255.255.255.0 standby 10.1.12.2

failover link sta-failover e3

failover interface ip sta-failover 10.2.12.1 255.255.255.0 standby 10.2.12.2