Secondary Fwsm System Configuration (Example 7; Switch Configuration (Example 7 - Cisco 7604 Configuration Manual

Failover Example Configurations
access-list INTERNET remark -Allows all inside hosts to access the outside for
access-list INTERNET remark -any IP traffic
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list BPDU ethertype permit bpdu
access-group BPDU in interface inside
access-group BPDU in interface outside

Secondary FWSM System Configuration (Example 7)

You do not need to configure any contexts, just the following minimal configuration for the system.
failover interface ip faillink 192.168.253.1 255.255.255.252 standby 192.168.253.2
failover lan unit secondary
failover

Switch Configuration (Example 7)

The following lines in the Cisco IOS switch configuration on both switches relate to the FWSM. For
information about configuring redundancy for the switch, see the switch documentation.
...
firewall multiple-vlan-interfaces
firewall module 1 vlan-group 1
firewall vlan-group 1 4-6,10,11,200-202
interface vlan 200
interface vlan 201
interface vlan 202
interface range gigabitethernet 2/1-3
...
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
B-26
failover lan interface faillink vlan 10
ip address 10.0.3.3 255.255.255.0
standby 200 ip 10.0.1.4
standby 200 priority 110
standby 200 preempt
standby 200 timers 5 15
standby 200 authentication Secret
no shutdown
ip address 10.0.2.3 255.255.255.0
standby 200 ip 10.0.2.4
standby 200 priority 110
standby 200 preempt
standby 200 timers 5 15
standby 200 authentication Secret
no shutdown
ip address 10.0.1.3 255.255.255.0
standby 200 ip 10.0.3.4
standby 200 priority 110
standby 200 preempt
standby 200 timers 5 15
standby 200 authentication Secret
no shutdown
channel-group 2 mode on
switchport trunk encapsulation dot1q
no shutdown
Appendix B Sample Configurations
OL-20748-01