PIX Failover Lab: A Detailed Walkthrough

王朝other · Author unknown  2008-05-19

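I. Lab equipment

1. Two PIX515E-UR units, software version: 6.3

2. Two switches

II. Topology diagram

III. Configuration

Part of the configuration is omitted: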

PIX Version 6.3(3)

interface ethernet0 100full

interface ethernet1 100full

nameif ethernet0 outs security0

nameif ethernet1 inside security100

ip address outs 192.168.18.201 255.255.255.0

ip address inside 1.1.1.1 255.255.255.0

failover

failover ip address outs 192.168.18.202

failover ip address inside 1.1.1.2

failover link inside

global (outs) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outs 0.0.0.0 0.0.0.0 192.168.18.1 1

telnet 0.0.0.0 0.0.0.0 inside

sho failover output, taken on the secondary PIX

At the start, the primary PIX is in the active state and the secondary PIX is in the standby state.

pixfirewall# sho fail

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 00:49:39 UTC Fri Jan 1 1993

This host: Secondary - Standby

Active time: 0 (sec)

Interface outs (192.168.18.202): Normal

Interface inside (1.1.1.2): Normal

Other host: Primary - Active

Active time: 1845 (sec)

Interface outs (192.168.18.201): Normal

Interface inside (1.1.1.1): Normal

Stateful Failover Logical Update Statistics

Link : inside

Stateful Obj xmit xerr rcv rerr

General 117 0 137 0

sys cmd 117 0 117 0

up time 0 0 0 0

xlate 0 0 4 0

tcp conn 0 0 16 0

udp conn 0 0 0 0

ARP tbl 0 0 0 0

RIP Tbl 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 1 133

Xmit Q: 0 1 117

After a little more than 15 seconds, the state switches over!

Now the primary PIX is in the standby state and the secondary PIX is in the active state.

pixfirewall# sho fail

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 01:32:20 UTC Fri Jan 1 1993

This host: Secondary - Active

Active time: 15 (sec)

Interface outs (192.168.18.201): Normal (Waiting)

Interface inside (1.1.1.1): Normal (Waiting)

Other host: Primary - Standby

Active time: 2580 (sec)

Interface outs (192.168.18.202): Normal

Interface inside (1.1.1.2): Link Down (Waiting)

Stateful Failover Logical Update Statistics

Link : inside

Stateful Obj xmit xerr rcv rerr

General 212 0 230 0

sys cmd 212 0 210 0

up time 0 0 0 0

xlate 0 0 4 0

tcp conn 0 0 16 0

udp conn 0 0 0 0

ARP tbl 0 0 0 0

RIP Tbl 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 1 226

Xmit Q: 0 1 212

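Notes: 1. At the application layer, the switchover is almost unnoticeable in the IE browser.

2. Reference for this lab: the "Using PIX Firewall Failover" section of the Cisco PIX Firewall and VPN Configuration Guide, Version 6.3.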
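
The two sho fail captures above can be checked mechanically instead of by eye. The Python below is an added example, not part of the original write-up or of any Cisco tool: it parses that output layout and reports failover being off, a pair that is not one Active plus one Standby unit, interfaces not in Normal state, and non-zero stateful xerr/rerr counters. The function names and the condensed sample text are assumptions made for illustration.

```python
import re
# Constructed sample: condensed from the second "sho fail" output on this page.
SAMPLE = """\
Failover On
This host: Secondary - Active
Interface outs (192.168.18.201): Normal (Waiting)
Interface inside (1.1.1.1): Normal (Waiting)
Other host: Primary - Standby
Interface outs (192.168.18.202): Normal
Interface inside (1.1.1.2): Link Down (Waiting)
Stateful Obj xmit xerr rcv rerr
General 212 0 230 0
sys cmd 212 0 210 0
"""

HOST = re.compile(r"^(This|Other) host:\s*(\w+)\s*-\s*(\w+)")
IFACE = re.compile(r"^Interface (\S+) \(([\d.]+)\):\s*(.+)$")
STAT = re.compile(r"^(.+?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_failover(text):
    """Parse failover status text into per-host role/state/interfaces and sync counters."""
    hosts, stats, cur, in_stats = {}, {}, None, False
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := HOST.match(line):
            cur = hosts.setdefault(m[1].lower(), {"role": m[2], "state": m[3], "ifaces": {}})
        elif (m := IFACE.match(line)) and cur is not None:
            cur["ifaces"][m[1]] = {"ip": m[2], "status": m[3]}
        elif line.startswith("Stateful Obj"):
            in_stats = True
        elif in_stats and (m := STAT.match(line)):
            stats[m[1]] = dict(zip(("xmit", "xerr", "rcv", "rerr"), map(int, m.groups()[1:])))
        else:
            in_stats = False  # first non-counter row ends the statistics table
    return {"enabled": "Failover On" in text, "hosts": hosts, "stats": stats}

def findings(parsed):
    """Return a list of problems worth alerting on; an empty list means the pair looks healthy."""
    out = [] if parsed["enabled"] else ["failover is not enabled"]
    states = sorted(h["state"] for h in parsed["hosts"].values())
    if states != ["Active", "Standby"]:
        out.append(f"expected one Active and one Standby unit, saw {states}")
    for who, h in parsed["hosts"].items():
        for name, i in h["ifaces"].items():
            if not i["status"].startswith("Normal"):
                out.append(f"{who} host ({h['role']}) interface {name}: {i['status']}")
    for obj, c in parsed["stats"].items():
        if c["xerr"] or c["rerr"]:
            out.append(f"stateful sync errors for {obj}: xerr={c['xerr']} rerr={c['rerr']}")
    return out
```

Run against the sample, findings(parse_failover(SAMPLE)) flags only the Link Down inside interface on the former primary, which is the condition that triggered the switchover in this lab.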

 
 
 