There is nothing in switch configs.They are just defaults.I didnt configure trunk on the port connected to firewall. Do i need to do that?
Imran On Sat, Oct 17, 2009 at 10:24 AM, Johan Bornman <[email protected]> wrote: > Can you sent the switch config’s? > > > > *From:* imran mohammed [mailto:[email protected]] > *Sent:* 17 October 2009 06:52 > > *To:* Johan Bornman > *Cc:* Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam > *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu > issues > > > > I did a no shut. > > Do I need to configure a trunk on the switch?? > > Imran > > On Sat, Oct 17, 2009 at 10:18 AM, Johan Bornman <[email protected]> wrote: > > Imran, > > > > Nothing obvious in your config that is I can see is wrong. > > 1. Did you “no shut” the eth0/2 int on the secondary asa? > > 2. Did you configure trunking, vlan’s on the switches? > > > > Johan > > > > *From:* imran mohammed [mailto:[email protected]] > *Sent:* 17 October 2009 06:40 > *To:* Johan Bornman > *Cc:* Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam > > > *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu > issues > > > > Hi, > > Here is my config > > interface Ethernet0/0 > nameif outside > security-level 0 > ip address 10.1.1.2 255.255.255.0 standby 10.1.1.3 > ! > interface Ethernet0/1 > nameif inside > security-level 100 > ip address 20.1.1.2 255.255.255.0 standby 20.1.1.3 > ! > interface Ethernet0/2 > description LAN/STATE Failover Interface > ! > interface Ethernet3 > shutdown > no nameif > no security-level > no ip address > ! > interface Ethernet4 > shutdown > no nameif > no security-level > no ip address > ! > ftp mode passive > pager lines 24 > mtu outside 1500 > mtu inside 1500 > failover > failover lan unit primary > failover lan interface FAIL Ethernet0/2 > failover link FAIL Ethernet0/2 > failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3 > icmp unreachable rate-limit 1 burst-size 1 > no asdm history enable > arp timeout 14400 > > > ****************************************************************************** > > failover > failover lan unit secondary > failover lan interface FAIL Ethernet0/2 > failover link FAIL Ethernet0/2 > failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3 > > Please help me with. > > Is ur active/standby working Qemu ?? > > Regards > Imran > > On Sat, Oct 17, 2009 at 9:59 AM, Johan Bornman <[email protected]> wrote: > > Send your configs please. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *imran mohammed > *Sent:* 17 October 2009 06:27 > *To:* Dave Craddock > *Cc:* Cisco certification; OSL CCIE Security Lab Exam > *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu > issues > > > > Yes I can ping the interfaces and I have failover link configured.If I do > the failover active that works. > > Regards > Imran > > On Sat, Oct 17, 2009 at 1:22 AM, Dave Craddock <[email protected]> wrote: > > Can you ping the active and standby addresses on both sides of the > firewalls > > And how have you got your failover link configured and connected? > > > > Dave > > > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of OSL CCIE > Security Lab Exam > Sent: 16 October 2009 20:03 > To: Cisco certification; [email protected] > Subject: [OSL | CCIE_Security] Active/standby failover on Qemu issues > > > > > Hi All, > > > The issue is iam doing active standby.I have got sw1 connected on > outside and sw2 inside.To the switch are connected the routers. > > Iam able to ping the routers ie the traffic is going through the > firewall primary.But iam not able to replicate the failover. > > Suppose if i enable monitor interface on inside and shut down the link > on the sw2 where it is connected to inside interface i cannot see the > failover happening. > when i do show monitor interface everything shows normal.even if i > remove the link.So how should i create the failover scenario. > > I > Regards > Imran > > > > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
