Appendix B
Sample Configurations
route outside 0.0.0.0 0.0.0.0 192.168.5.1 1
ssh 192.168.0.2 255.255.255.255 inside
Example 9: Primary ctx1 Context Configuration
enable password quadrophenia
password tommy
hostname ctx1
interface Ethernet3
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0 standby 192.168.20.11
interface Ethernet4
nameif outside
security-level 0
ip address 192.168.10.31 255.255.255.0 standby 192.168.10.41
asr-group 1
access-list 201 extended permit ip any any
access-group 201 in interface outside
logging enable
logging console informational
monitor-interface inside
monitor-interface outside
route outside 0.0.0.0 0.0.0.0 192.168.10.71 1
Example 9: Secondary Unit Configuration
You only need to configure the secondary security appliance to recognize the failover link. The
secondary security appliance obtains the context configurations from the primary security appliance
upon booting or when failover is first enabled. The preempt commands in the failover group
configurations cause the failover groups to become active on their designated unit after the
configurations have been synchronized and the preempt delay has passed.
failover
failover lan unit secondary
failover lan interface folink Ethernet0
failover interface ip folink 10.0.4.1 255.255.255.0 standby 10.0.4.11
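An added example, not part of the Cisco guide: a Python check run over lines taken from the ctx1 and secondary-unit listings on this page. It verifies that every standby address is in the same subnet as its active address, and flags a permit-ip-any-any ACL bound inbound and a failover link configured without the failover key command. The function name audit and the wording of the findings are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: lines taken from the ctx1 and secondary-unit listings on this page.
SAMPLE = """\
interface Ethernet4
nameif outside
security-level 0
ip address 192.168.10.31 255.255.255.0 standby 192.168.10.41
access-list 201 extended permit ip any any
access-group 201 in interface outside
failover lan unit secondary
failover lan interface folink Ethernet0
failover interface ip folink 10.0.4.1 255.255.255.0 standby 10.0.4.11
"""

# Matches both "ip address A M standby S" and "failover interface ip NAME A M standby S".
STANDBY = re.compile(r"\bip \S+ (\S+) (\S+) standby (\S+)")

def audit(config):
    """Return a list of findings for one security appliance config listing."""
    findings, levels, open_acls = [], {}, set()
    nameif, has_link, has_key = None, False, False
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    for tok in lines:
        if tok[0] == "nameif":
            nameif = tok[1]
        elif tok[0] == "security-level" and nameif:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and tok[2:] == ["extended", "permit", "ip", "any", "any"]:
            open_acls.add(tok[1])
        elif tok[:3] == ["failover", "lan", "interface"]:
            has_link = True
        elif tok[:2] == ["failover", "key"]:
            has_key = True
        m = STANDBY.search(" ".join(tok))
        if m:  # the standby address must sit in the same subnet as the active one
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if ipaddress.ip_address(m[3]) not in net:
                findings.append(f"standby {m[3]} is outside {net}")
    for tok in lines:  # second pass: a binding may precede or follow its ACL
        if len(tok) == 5 and tok[0] == "access-group" and tok[1] in open_acls and tok[2] == "in":
            findings.append(f"ACL {tok[1]} permits ip any any inbound on "
                            f"{tok[4]} (security-level {levels.get(tok[4], '?')})")
    if has_link and not has_key:
        findings.append("failover link has no 'failover key': traffic on it is clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```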
OL-10088-01
Example 9: LAN-Based Active/Active Failover (Routed Mode)
Cisco Security Appliance Command Line Configuration Guide