拓扑说明:此时需要用到分线交换机,两个不同ISP,且地址有多个,如电信两个公网IP:189.1.1.10/11,联通两个公网IP:101.1.1.10/11,ASA上分别一主一备,任何一家ISP公网故
.
拓扑说明:
此时需要用到分线交换机,两个不同ISP,且地址有多个,如电信两个公网IP:189.1.1.10/11,联通两个公网IP:101.1.1.10/11,ASA上分别一主一备,任何一家ISP公网故障,可以自动切换到另外一条ISP链路。
--------------------ASA双线出口配置---------------
interface GigabitEthernet0/0-------------------接口配置
nameif inside
security-level 100
ip address 172.29.32.199 255.255.255.0
!
interface GigabitEthernet0/1-------------------接口配置
description CU-150M
nameif outside
security-level 0
ip address X1.207.139.216 255.255.255.0
!
interface GigabitEthernet0/2-------------------接口配置
description CT-50M
nameif backup
security-level 10
ip address X.185.170.155 255.255.255.128
object network inside-outside-any-------------NAT地址配置
subnet 0.0.0.0 0.0.0.0
object network inside-backup-any-------------NAT地址配置
subnet 0.0.0.0 0.0.0.0
access-list 101 extended permit ip any any ----------ACL放行流量
access-list 101 extended permit icmp any any
access-group 101 in interface inside
access-group 101 in interface outside
access-group 101 in interface backup
object network inside-outside-any-------------NAT配置
nat (inside,outside) dynamic interface
object network inside-backup-any-------------NAT配置
nat (inside,backup) dynamic interface
route outside 0.0.0.0 0.0.0.0 X.207.139.1 1 track 1
route backup 0.0.0.0 0.0.0.0 X.185.170.129 2
sla monitor 1 ---------------------SLA配置
type echo protocol ipIcmpEcho X.207.139.1 interface outside
num-packets 3
frequency 5
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
