Appendix B
Sample Configurations
Example 11: LAN-Based Active/Standby Failover (Transparent Mode)
description STATE Failover Interface
telnet 192.168.2.45 255.255.255.255 inside
access-list acl_out permit tcp any host 209.165.201.5 eq 80
ip address 209.165.201.1 255.255.255.0 standby 209.165.201.2
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
! The failover lan enable command is required on the PIX security appliance only.
failover polltime unit msec 200 holdtime msec 800
failover key key1
failover link state Ethernet3
failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 209.165.201.4 1
Example 11: Secondary Unit Configuration
firewall transparent
failover
failover lan unit secondary
failover lan interface failover ethernet2
failover lan enable
failover key key1
failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
Cisco Security Appliance Command Line Configuration Guide
B-29
OL-10088-01