Cisco ASA FW replacement Active sand Standby Mode
思科防火牆 更換
must make sure the cross connection is there.
- must have written connection for DC to check
- must make sure the lincense is there show verion
- Must have a roll back plane.
- Must communication effectively with DC guys.
show X
Show arp
show ×××-session L2l
sh run nat
Primary A
Gi1/1 to Switch
Gi1/2 to Switch
GI1/8 to Sec B Gi1/8 ( cross connect)
Secondary B
New Primay C
New Secondary D
Step 1.
Move all the connection from B to New Secondary D ( include cross connect)
Step 2.
Failover over the Active to New Secondary D ( in new D failover active)
show failvoer state
Step 3.
Move all the connection from A to new C.
Show failvoer state
Step 3.
Move the Active FW to new C. ( in C failvoer active)
show xlate
show arp
ping host to see if its live
show -session-l2l to check tunnel status.
因爲跟換的時候是一臺一臺更換的。
導致我在更換的時候,
比如 Old Primary 和 New Sec D 的時候, 怎麼也不工作, 原來他們之間的
Failover Link 沒有連起來
Suppose
Old Primary Failvoer link to New Sec D Failover link.
現實連的是
New Priamary C Failover link to New Sec D failover link.
Note: cross connect = Failvoer link.
是主防火牆 和備用防火牆之間的通信連接