1. Specify the LAN failover physical interface and name it. In this lab, the failover link and the stateful link share the same interface.
ASAv1(config)#
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 192.168.254.1 255.255.255.0 standby 192.168.254.2
ASAv2(config)#
failover lan unit secondary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 192.168.254.1 255.255.255.0 standby 192.168.254.2
2. Enable the failover interface
ASAv1(config)#int g0/2
ASAv1(config-if)#no shut
ASAv2(config)#int g0/2
ASAv2(config-if)#no shut
3. Enable failover
ASAv1(config)#failover
ASAv2(config)#failover
4. Assign the failover pair a new hostname
ASAv1(config)#hostname ASA
ASA(config)#
5. Verify failover status
ASA# show failover
6. Continue basic configuration on the active ASA: configure the inside and outside interfaces
ASA(config)# int g0/0
ASA(config-if)# ip add 203.0.113.2 255.255.255.0 standby 203.0.113.3
ASA(config-if)# nameif outside
ASA(config-if)# no shut
ASA(config)# int g0/1
ASA(config-if)# ip add 10.0.0.1 255.255.255.0 standby 10.0.0.2
ASA(config-if)# nameif inside
ASA(config-if)# no shut
7. Configure NAT for outbound access
ASA(config)# object network NET-10.0.0.0_24
ASA(config-network-object)# subnet 10.0.0.0 255.255.255.0
ASA(config-network-object)# nat (inside,outside) dynamic interface
8. Add a default route
ASA(config)# route outside 0.0.0.0 0.0.0.0 203.0.113.1
9. Enable ICMP inspection to allow ping replies to pass through
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp
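A configuration check for the steps above, as an added example that is not part of the original post: the hypothetical helper `audit_failover` reads a running-config and reports missing failover settings, data interfaces without a standby address, and a failover link with no key. The sample config is constructed from the commands in this lab; `failover key` and `failover ipsec pre-shared-key` are ASA commands the lab does not use, and without one of them failover and state traffic crosses the FO link in clear text.

```python
import re

# Constructed sample: running-config as this lab's commands would leave it.
SAMPLE_CONFIG = """\
hostname ASA
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0 standby 203.0.113.3
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
interface GigabitEthernet0/2
 description LAN/STATE Failover Interface
failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 192.168.254.1 255.255.255.0 standby 192.168.254.2
"""

def audit_failover(config):
    """Return a list of findings for an ASA running-config (hypothetical helper)."""
    findings = []
    # Top-level (non-indented) commands only; interface sub-commands are indented.
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if "failover" not in top:
        findings.append("failover is not enabled")
    if not any(re.match(r"failover lan unit (primary|secondary)$", l) for l in top):
        findings.append("failover lan unit role is not set")
    if not any(l.startswith("failover lan interface ") for l in top):
        findings.append("no failover LAN interface defined")
    if not any(l.startswith("failover link ") for l in top):
        findings.append("no stateful failover link defined")
    if not any(l.startswith(("failover key ", "failover ipsec pre-shared-key "))
               for l in top):
        findings.append("failover link has no key (traffic sent in clear text)")
    # Every named data interface needs a standby address for monitoring/takeover.
    for block in re.split(r"(?m)^(?=interface )", config):
        if not block.startswith("interface "):
            continue
        name = re.search(r"(?m)^ nameif (\S+)", block)
        addr = re.search(r"(?m)^ ip address \S+ \S+( standby \S+)?", block)
        if name and addr and not addr.group(1):
            findings.append(f"interface {name.group(1)} has no standby IP")
    return findings

if __name__ == "__main__":
    for finding in audit_failover(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the lab config as written, the only finding is the missing failover key.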