Example 12: Primary Ctx1 Context Configuration; Example 12: Secondary Unit Configuration - Cisco PIX 500 Series Configuration Manual

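Example 12: LAN-Based Active/Active Failover (Transparent Mode)

hostname admin
interface Ethernet1
 nameif outside
 security-level 0
interface Ethernet2
 nameif inside
 security-level 100
! Management IP address of this transparent-mode context, with the standby unit's address
ip address 192.168.5.31 255.255.255.0 standby 192.168.5.32
! Interfaces whose health is monitored for failover
monitor-interface outside
monitor-interface inside
! Default route through 192.168.5.1
route outside 0.0.0.0 0.0.0.0 192.168.5.1 1
! SSH management access only from host 192.168.5.72 on the inside interface
ssh 192.168.5.72 255.255.255.255 inside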

Example 12: Primary ctx1 Context Configuration

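! Enable (privileged EXEC) password and login password
enable password quadrophenia
password tommy
hostname ctx1
interface Ethernet3
 nameif inside
 security-level 100
interface Ethernet4
 nameif outside
 security-level 0
! ACL 201 permits all IP traffic and is applied inbound on the outside interface
access-list 201 extended permit ip any any
access-group 201 in interface outside
! Log to the console at the informational level
logging enable
logging console informational
! Management IP address of this transparent-mode context, with the standby unit's address
ip address 192.168.10.31 255.255.255.0 standby 192.168.10.32
! Interfaces whose health is monitored for failover
monitor-interface inside
monitor-interface outside
! Default route through 192.168.10.1
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1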

Example 12: Secondary Unit Configuration

You only need to configure the secondary security appliance to recognize the failover link. The
secondary security appliance obtains the context configurations from the primary security appliance
upon booting or when failover is first enabled. The preempt commands in the failover group
configurations cause the failover groups to become active on their designated unit after the
configurations have been synchronized and the preempt delay has passed.

firewall transparent
failover
failover lan unit secondary
failover lan interface folink Ethernet0
failover interface ip folink 10.0.4.1 255.255.255.0 standby 10.0.4.11

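
A pre-deployment consistency check for the secondary unit's bootstrap configuration described above. This is an added example, not part of the Cisco manual. The function name check_secondary and the rule that any line other than the five shown in this example is reported are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the secondary-unit lines from Example 12.
SECONDARY_CFG = """\
firewall transparent
failover
failover lan unit secondary
failover lan interface folink Ethernet0
failover interface ip folink 10.0.4.1 255.255.255.0 standby 10.0.4.11
"""

def check_secondary(cfg: str) -> list[str]:
    """Return findings; an empty list means the bootstrap is consistent."""
    findings, link_ips = [], {}
    unit = link = None
    enabled = False
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # skip blanks and comments
            continue
        tok = line.split()
        if tok == ["failover"]:
            enabled = True
        elif tok[:3] == ["failover", "lan", "unit"] and len(tok) == 4:
            unit = tok[3]
        elif tok[:3] == ["failover", "lan", "interface"] and len(tok) == 5:
            link = tok[3]                          # logical name of the failover link
        elif (tok[:3] == ["failover", "interface", "ip"]
              and len(tok) == 8 and tok[6] == "standby"):
            link_ips[tok[3]] = (tok[4], tok[5], tok[7])
        elif tok != ["firewall", "transparent"]:
            # Assumption: contexts are synced from the primary, so nothing else belongs here.
            findings.append(f"unexpected line: {line}")
    if not enabled:
        findings.append("failover is not enabled")
    if unit != "secondary":
        findings.append(f"unit role is {unit!r}, expected 'secondary'")
    if link is None:
        findings.append("no 'failover lan interface' defined")
    elif link not in link_ips:
        findings.append(f"failover link {link!r} has no 'failover interface ip'")
    else:
        active, mask, standby = link_ips[link]
        net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
        if ipaddress.ip_address(standby) not in net:
            findings.append(f"standby {standby} is outside {net}")
        if standby == active:
            findings.append("active and standby addresses are identical")
    return findings
```
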
Cisco Security Appliance Command Line Configuration Guide
B-32
Appendix B
Sample Configurations
OL-12172-03

This manual is also suitable for:

ASA 5500 series