
ASA Failover Configuration Lab

I previously wrote a note titled "Cisco ASA Failover Configuration Examples and Tips". This time I am writing down a lab in which ASAv is deployed in a failover configuration on CML2.

Lab file

The lab file that can be used on CML2 is available for download below.

Test topology

The topology is as follows.

(Topology diagram)

Configs

The config of each device is as follows.

ASAv-1

hostname ASAv-1
!
enable password cisco
!
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.254 255.255.255.0 standby 10.0.1.253
 no shutdown
!
interface GigabitEthernet0/2
 nameif outside
 security-level 0
 ip address 10.0.2.254 255.255.255.0 standby 10.0.2.253
 no shutdown
!
clock timezone JST 9
no pager
!
failover
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet0/0
failover interface ip FAILOVER 10.0.99.1 255.255.255.252 standby 10.0.99.2
!
prompt hostname state priority
!
fixup protocol icmp
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
end

ASAv-2

hostname ASAv-2
!
enable password cisco
!
interface GigabitEthernet0/0
 no shutdown
!
failover
failover lan unit secondary
failover lan interface FAILOVER GigabitEthernet0/0
failover interface ip FAILOVER 10.0.99.1 255.255.255.252 standby 10.0.99.2
!
end
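As an added example (not part of the original lab), here is a small Python check that compares the two ASAv failover stanzas above for the things that must agree before the pair can form: failover enabled on both units, one primary and one secondary, an identical failover link definition, and a standby address on every named data interface. The config strings are copied from this page; the check logic and its messages are added here and are not from the lab.

```python
# ASAv-1 and ASAv-2 failover-relevant lines from this page, embedded so the check runs offline.
ASAV1_CFG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.1.254 255.255.255.0 standby 10.0.1.253
interface GigabitEthernet0/2
 nameif outside
 ip address 10.0.2.254 255.255.255.0 standby 10.0.2.253
failover
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet0/0
failover interface ip FAILOVER 10.0.99.1 255.255.255.252 standby 10.0.99.2
"""
ASAV2_CFG = """\
failover
failover lan unit secondary
failover lan interface FAILOVER GigabitEthernet0/0
failover interface ip FAILOVER 10.0.99.1 255.255.255.252 standby 10.0.99.2
"""

def parse_failover(config):
    """Extract the failover stanza and note data interfaces lacking a standby address."""
    info = {"enabled": False, "unit": None, "link": set(), "no_standby": []}
    nameif = None
    for line in config.splitlines():
        s = line.strip()
        if s == "failover":
            info["enabled"] = True
        elif s.startswith("failover lan unit "):
            info["unit"] = s.split()[-1]
        elif s.startswith(("failover lan interface ", "failover interface ip ")):
            info["link"].add(s)  # link port and addresses are entered identically on both units
        elif s.startswith("interface "):
            nameif = None  # new interface block; pick up its nameif below
        elif s.startswith("nameif "):
            nameif = s.split()[1]
        elif s.startswith("ip address ") and nameif and "standby" not in s:
            info["no_standby"].append(nameif)  # without a standby IP the peer cannot monitor it
    return info

def check_pair(cfg_a, cfg_b):
    """Compare two unit configs; an empty list means the pair is consistent."""
    a, b = parse_failover(cfg_a), parse_failover(cfg_b)
    findings = [f"unit {n}: failover is not enabled" for n, u in (("A", a), ("B", b)) if not u["enabled"]]
    if {a["unit"], b["unit"]} != {"primary", "secondary"}:
        findings.append(f"unit roles must be one primary and one secondary, got {a['unit']}/{b['unit']}")
    if a["link"] != b["link"]:
        findings.append("failover link definition differs between units")
    findings += [f"interface {i} has no standby address; it cannot be monitored" for i in a["no_standby"] + b["no_standby"]]
    return findings
```

Running `check_pair(ASAV1_CFG, ASAV2_CFG)` on the configs above returns an empty list; feeding it a secondary config with a changed `failover interface ip` line or a duplicated `primary` role produces one finding per mismatch.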

IOSv-1

hostname IOSv-1
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
clock timezone JST +9
!
no ip domain-lookup
!
interface GigabitEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.1.254
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login
 length 0
 transport input telnet
!
scheduler allocate 20000 1000
!
end

IOSv-2

hostname IOSv-2
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
clock timezone JST +9
!
no ip domain-lookup
!
interface GigabitEthernet0/0
 ip address 10.0.2.2 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.2.254
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login
 length 0
 transport input telnet
!
scheduler allocate 20000 1000
!
end