Configure multiple context

Posted on November 19, 2010



Work through the documents in the following order:

1. Enabling Multiple Context Mode
2. Adding and Managing Security Contexts
3. Configuring Failover
4. Configuring Active/Active Failover

My Example contexts (Code 7.0.5)

Topology

Initial context configuration:

1, Enable multiple context mode:

pixfirewall(config)# mode multiple

2, Create the admin context (by default, this is done when the “mode multiple” command is issued):

admin-context admin
context admin
allocate-interface Ethernet0 Ethernet0
config-url flash:/admin.cfg

3, Bring up the interface:

pixfirewall(config)# interface Ethernet0
pixfirewall(config-if)# no shut

4, Address the interface of the admin context:

pixfirewall/admin(config)# interface Ethernet0
pixfirewall/admin(config-if)# nameif inside
INFO: Security level for “inside” set to 100 by default.
pixfirewall/admin(config-if)# ip address 50.50.50.1 255.255.255.0

5, Configure ASDM access:

pixfirewall/admin(config)# http server enable
pixfirewall/admin(config)# http 0 0 inside
pixfirewall/admin(config)# crypto key generate rsa modulus 1024
INFO: The name for the keys will be: Default-RSA-Key
Keypair generation process begin. Please wait…

6, Context configuration (continued):

context admin
allocate-interface Ethernet0
allocate-interface Ethernet1
config-url flash:/admin.cfg
join-failover-group 1
context failsafe
allocate-interface Ethernet2 ethernet0
allocate-interface Ethernet3 ethernet1
config-url flash:/failsafe.cfg
join-failover-group 2

The show failover command on the Primary Firewall:

pixfirewall# show failover
Failover On
Cable status: N/A – LAN-based failover enabled
Failover unit Primary
Failover LAN Interface: folink Ethernet4 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 15 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.0(5), Mate 7.0(5)
Group 1 last failover at: 15:04:49 UTC Dec 13 2006
Group 2 last failover at: 09:23:50 UTC Dec 20 2006 

This host: Primary
Group 1 State: Active
Active time: 587760 (sec)
Group 2 State: Standby Ready
Active time: 267555 (sec)

admin Interface outside (10.10.20.1): Normal
admin Interface inside (10.10.10.1): Normal
failsafe Interface outside (20.20.30.2): Normal
failsafe Interface inside (20.20.20.2): Normal

Other host: Secondary
Group 1 State: Standby Ready
Active time: 0 (sec)
Group 2 State: Active
Active time: 320205 (sec)

admin Interface outside (10.10.20.2): Normal
admin Interface inside (10.10.10.2): Normal
failsafe Interface outside (20.20.30.1): Normal
failsafe Interface inside (20.20.20.1): Normal

Stateful Failover Logical Update Statistics
Link : sfolink Ethernet5 (up)
Stateful Obj    xmit    xerr    rcv     rerr
General         41950   0       41930   0
sys cmd         41934   0       41930   0
up time         0       0       0       0
RPC services    0       0       0       0
TCP conn        0       0       0       0
UDP conn        0       0       0       0
ARP tbl         16      0       0       0
Xlate_Timeout   0       0       0       0

Logical Update Queue Information
                Cur     Max     Total
Recv Q:         0       1       63441
Xmit Q:         0       1       41950
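The "show failover" output above can be checked automatically for the conditions an Active/Active pair should meet: each failover group active on exactly one unit with its peer in Standby Ready, every monitored interface Normal, the stateful link up, and no xerr/rerr counts. The script below is an added example, not part of the original post; the function name check_failover is hypothetical, the sample is a trimmed excerpt of the output above, and any state strings other than those shown on this page are assumptions.

```python
import re

# Trimmed excerpt of the "show failover" output above, embedded so the check runs offline.
SAMPLE = """\
This host: Primary
Group 1 State: Active
Group 2 State: Standby Ready
admin Interface outside (10.10.20.1): Normal
failsafe Interface inside (20.20.20.2): Normal
Other host: Secondary
Group 1 State: Standby Ready
Group 2 State: Active
admin Interface outside (10.10.20.2): Normal
failsafe Interface inside (20.20.20.1): Normal
Link : sfolink Ethernet5 (up)
General 41950 0 41930 0
ARP tbl 16 0 0 0
"""

def check_failover(text):
    """Return a list of findings; an empty list means the pair looks healthy."""
    findings, unit, groups = [], None, {}
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse column padding to single spaces
        if m := re.match(r"(This|Other) host: (\w+)", line):
            unit = m.group(2)
        elif m := re.match(r"Group (\d+) State: (.+)", line):
            groups.setdefault(m.group(1), {})[unit] = m.group(2)
        elif m := re.match(r"(\S+) Interface (\S+) \(([\d.]+)\): (.+)", line):
            if m.group(4) != "Normal":
                findings.append(f"{unit}: {m.group(1)}/{m.group(2)} is {m.group(4)}")
        elif m := re.match(r"Link : (\S+) (\S+) \((\w+)\)", line):
            if m.group(3) != "up":
                findings.append(f"stateful link {m.group(1)} is {m.group(3)}")
        elif m := re.match(r"(.+?) (\d+) (\d+) (\d+) (\d+)$", line):
            if int(m.group(3)) or int(m.group(5)):  # xerr or rerr is non-zero
                findings.append(f"state sync errors for {m.group(1)!r}")
    # Each group must be Active on exactly one unit and Standby Ready on the other.
    for gid, states in sorted(groups.items()):
        active = [u for u, s in states.items() if s == "Active"]
        if len(active) != 1:
            findings.append(f"group {gid}: active on {active or 'no unit'}")
        elif any(s != "Standby Ready" for u, s in states.items() if u != active[0]):
            findings.append(f"group {gid}: peer of {active[0]} is not Standby Ready")
    return findings

if __name__ == "__main__":
    print(check_failover(SAMPLE) or "failover pair healthy")
```
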

The following OpenOffice word-processor file contains the complete configuration of the firewalls and contexts:
multiple_context_configuration
