Volume 1 1.50 Active/Active Failover

I configured Active Active failover on it . Earlier I used ASA for emulation but it was not possible when i was doing Active Standby . I thought ASA is buggy in GNS3 and then I changed to PIX . Active Standby worked fine on PIX btw . After having done all the configuration FW1 is having all the Active contexts however I want the CustomerB context to function as Active in FW2 . Below is configuration

 


FW1 Running Config

FW1# sh run

: Saved

:

PIX Version 8.0(4) <system>

!

hostname FW1

enable password 8Ry2YjIyt7RRXU24 encrypted

no mac-address auto

!

interface Ethernet0

!

interface Ethernet1

!

interface Ethernet1.121

vlan 121

!

interface Ethernet1.122

vlan 122

!

interface Ethernet2

description LAN/STATE Failover Interface

!

interface Ethernet3

shutdown

!

interface Ethernet4

shutdown    

!

class default

  limit-resource All 0

  limit-resource ASDM 5

  limit-resource SSH 5

  limit-resource Telnet 5

!

 

ftp mode passive

pager lines 24

failover

failover lan unit primary

failover lan interface failover Ethernet2

failover lan enable

failover link failover Ethernet2

failover interface ip failover 100.0.0.1 255.255.255.0 standby 100.0.0.2

failover group 1

failover group 2

  secondary

no asdm history enable

arp timeout 14400

console timeout 0

 

admin-context CustomerA

context CustomerA

  allocate-interface Ethernet0

  allocate-interface Ethernet1.121

  config-url flash:/CustomerA.cfg

  join-failover-group 1

!

 

context CustomerB

  allocate-interface Ethernet0

  allocate-interface Ethernet1.122

  config-url flash:/CUstomerB.cfg

  join-failover-group 2

!

 

context admin

!

 

prompt hostname context

Cryptochecksum:b88d9b93e15885f087662cf0732c1134

: end

 

 

     FW2 Running Config

FW1# sh run

: Saved

:

PIX Version 8.0(4) <system>

!

hostname FW1

enable password 8Ry2YjIyt7RRXU24 encrypted

no mac-address auto

!

interface Ethernet0

!

interface Ethernet1

!

interface Ethernet1.122

no vlan

!

interface Ethernet2

description LAN/STATE Failover Interface

!

interface Ethernet3

shutdown

!

interface Ethernet4

shutdown

!

class default

  limit-resource All 0

  limit-resource ASDM 5

  limit-resource SSH 5

  limit-resource Telnet 5

!

 

ftp mode passive

pager lines 24

failover

failover lan unit secondary

failover lan interface failover Ethernet2

failover lan enable

failover link failover Ethernet2

failover interface ip failover 100.0.0.1 255.255.255.0 standby 100.0.0.2

failover group 1

failover group 2

  secondary

no asdm history enable

arp timeout 14400

console timeout 0

 

admin-context CustomerA

context CustomerA

  allocate-interface Ethernet0

  config-url flash:/CustomerA.cfg

  join-failover-group 1

!

 

context CustomerB

  allocate-interface Ethernet0

  allocate-interface Ethernet1.122

  config-url flash:/CUstomerB.cfg

  join-failover-group 2

!

 

context admin

!

 

prompt hostname context

Cryptochecksum:7d680297011635b805d85fd38bbc0176

: end

 

       Show Failover on FW1

FW1# sho failover

Failover On

Cable status: N/A - LAN-based failover enabled

Failover unit Primary

Failover LAN Interface: failover Ethernet2 (up)

Unit Poll frequency 15 seconds, holdtime 45 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(4), Mate 8.0(4)

Group 1 last failover at: 07:03:45 UTC May 17 2011

Group 2 last failover at: 07:03:45 UTC May 17 2011

 

  This host:    Primary

  Group 1       State:          Active

                Active time:    3000 (sec)

  Group 2       State:          Active

                Active time:    3000 (sec)

 

                  CustomerA Interface inside (10.0.0.10): Normal (Not-Monitored)

                  CustomerA Interface outside (136.1.130.10): Normal (Waiting)

                  CustomerB Interface outside (136.1.130.50): Normal (Waiting)

                  CustomerB Interface inside (10.0.0.30): Normal (Not-Monitored)

 

  Other host:   Secondary

  Group 1       State:          Standby Ready

                Active time:    0 (sec)

  Group 2       State:          Standby Ready

                Active time:    0 (sec)

 

                  CustomerA Interface inside (10.0.0.20): Normal (Not-Monitored)

                  CustomerA Interface outside (136.1.130.20): Normal (Waiting)

                  CustomerB Interface outside (136.1.130.60): Normal (Waiting)

                  CustomerB Interface inside (10.0.0.40): Unknown (Not-Monitored)

 

Stateful Failover Logical Update Statistics

        Link : failover Ethernet2 (up)

        Stateful Obj    xmit       xerr       rcv        rerr     

        General         387        0          384        0        

        sys cmd         384        0          384        0        

        up time         0          0          0          0        

        RPC services    0          0          0          0        

        TCP conn        0          0          0          0        

        UDP conn        0          0          0          0        

        ARP tbl         3          0          0          0        

        Xlate_Timeout   0          0          0          0        

        SIP Session     0          0          0          0        

 

        Logical Update Queue Information

                        Cur     Max     Total

        Recv Q:         0       1       384

        Xmit Q:         0       1       387

 

 

     Show failover on FW2

FW1# show failover

Failover On

Cable status: N/A - LAN-based failover enabled

Failover unit Secondary

Failover LAN Interface: failover Ethernet2 (up)

Unit Poll frequency 15 seconds, holdtime 45 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(4), Mate 8.0(4)

Group 1 last failover at: 07:06:10 UTC May 17 2011

Group 2 last failover at: 07:06:10 UTC May 17 2011

 

  This host:    Secondary

  Group 1       State:          Standby Ready

                Active time:    0 (sec)

  Group 2       State:          Standby Ready

                Active time:    0 (sec)

 

                  CustomerA Interface outside (136.1.130.20): Normal (Waiting)

                  CustomerB Interface outside (136.1.130.60): Normal (Waiting)

 

  Other host:   Primary

  Group 1       State:          Active

                Active time:    3000 (sec)

  Group 2       State:          Active

                Active time:    3000 (sec)

 

                  CustomerA Interface outside (136.1.130.10): Normal (Waiting)

                  CustomerB Interface outside (136.1.130.50): Normal (Waiting)

 

Stateful Failover Logical Update Statistics

        Link : failover Ethernet2 (up)

        Stateful Obj    xmit       xerr       rcv        rerr     

        General         385        0          388        0        

        sys cmd         385        0          385        0        

        up time         0          0          0          0        

        RPC services    0          0          0          0        

        TCP conn        0          0          0          0        

        UDP conn        0          0          0          0        

        ARP tbl         0          0          3          0        

        Xlate_Timeout   0          0          0          0        

        SIP Session     0          0          0          0        

 

        Logical Update Queue Information

                        Cur     Max     Total

        Recv Q:         0       1       388

        Xmit Q:         0       1       385

Comments

Sign In or Register to comment.