
Cisco ASA firewall swap

Time: 2018-09-22 21:30:24


Cisco ASA FW replacement in Active and Standby mode
Cisco firewall replacement

Must make sure the cross connect is in place.

  1. Must have the connections in writing for the DC to check.
  2. Must make sure the license is there: show version
  3. Must have a rollback plan.
  4. Must communicate effectively with the DC guys.

show X
show arp
show vpn-sessiondb l2l
sh run nat

Primary A
Gi1/1 to Switch
Gi1/2 to Switch
Gi1/8 to Sec B Gi1/8 (cross connect)
Secondary B

New Primary C
New Secondary D

Step 1.
Move all the connections from B to New Secondary D (including the cross connect).

Step 2.
Fail over the active role to New Secondary D (on new D: failover active).
show failover state

Step 3.
Move all the connections from A to new C.
show failover state

Step 4.
Move the active FW role to new C (on C: failover active).

show xlate
show arp
ping a host to see if it is live
show vpn-sessiondb l2l to check the tunnel status.

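Because the replacement was done one unit at a time,

during the swap, for example when Old Primary and New Sec D were paired, it would not work no matter what I did. It turned out the failover link between them was not connected.

Supposed to be:
Old Primary failover link to New Sec D failover link.

What was actually connected:
New Primary C failover link to New Sec D failover link.

Note: cross connect = failover link.

It is the communication link between the primary firewall and the standby firewall.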
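
An added example, not part of the original post: a Python gate that parses the output of show failover state saved after each step and refuses to continue unless one unit is Active and its peer is Standby Ready, which is the symptom to look for when the failover link is cabled to the wrong unit. The sample outputs and the function names are constructed for this example, and the two-lines-per-host table layout is an assumption about what the command prints.

```python
import re

# Constructed samples (not captured from a real device), laid out like the
# State table printed by "show failover state".
PEER_OK = """\
               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Standby Ready  None
"""
PEER_LOST = """\
               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         None
Other host -   Secondary
               Failed         Comm Failure             21:05:10 UTC Sep 22 2018
"""

HOST_RE = re.compile(r"\s*(This|Other) host\s*-\s*(Primary|Secondary)")

def parse_failover_state(text):
    """Return {'this': (role, state), 'other': (role, state)}."""
    units, lines = {}, text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = HOST_RE.match(line)
        if m:
            # The state is the first column of the next line; columns are
            # separated by two or more spaces ("Standby Ready" has one).
            state = re.split(r"\s{2,}", lines[i + 1].strip())[0]
            units[m.group(1).lower()] = (m.group(2), state)
    return units

def safe_to_continue(text):
    """True only if one unit is Active and its peer is Standby Ready."""
    units = parse_failover_state(text)
    if set(units) != {"this", "other"}:
        return False, "could not find both units in the output"
    states = {units["this"][1], units["other"][1]}
    if states == {"Active", "Standby Ready"}:
        return True, "pair is healthy, next cabling step may proceed"
    return False, ("peer state is %r: check that the failover link joins "
                   "the two units currently paired" % units["other"][1])

if __name__ == "__main__":
    for name, sample in (("after step 2", PEER_OK), ("miscabled", PEER_LOST)):
        print(name, safe_to_continue(sample))
```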


Original article: http://blog.51cto.com/bobo5620301/2178985
