Going to create 2 contexts, IT and SALES.
SW1 and SW3 are carrying IT traffic while SW2 and SW4 is carrying SALES traffic.
Let's start by converting ASAs to multiple context mode by mode multiple command on ASAs and bringing up the interfaces from system context.
Configuring ASA1;
context IT
allocate-interface Ethernet1
allocate-interface Ethernet3
config-url disk0:/IT.cfg
context SALES
allocate-interface Ethernet2
allocate-interface Ethernet4
config-url disk0:/SALES.cfg
Now it's the time to configure Failover..
failover lan unit primary
failover lan interface FO Ethernet0
failover link FO Ethernet0
failover interface ip FO 10.10.10.1 255.255.255.0 standby 10.10.10.2
Configuring failover groups
failover group 1
primary
preempt
failover group 2
secondary
preempt
Join the contexts to failover groups
context IT
join-failover-group 1
context SALES
join-failover-group 2
And on Secondary ASA;
failover lan unit secondary
failover lan interface FO Ethernet0
failover link FO Ethernet0
failover interface ip FO 10.10.10.1 255.255.255.0 standby 10.10.10.2
finally hit failover on both the ASAs..
prompt command will change the system name accordingly to identify where you are in CLI.
use something like hostname context priority state in system context.
You can configure all the other things from now on just like you would do in normal ASAs but remember to do them on currently active ASA for the context you need to configure. As an example, configure interface IP for SALES context should be done in ASA2 now.
Failover show commands like show failover will be helpful in config verification.
No comments:
Post a Comment