The cisco ASA firewall allows for you to manage failover link addressing with an ipv6 address.
It's uses the exact same command but just subsitute the ipv4 address with a ipv6;
e.g ( master )
failover
failover lan unit primary <------MASTER
failover lan interface LANFAIL Port-channel1
failover polltime unit msec 300 holdtime msec 900
failover polltime interface 2 holdtime 15
failover replication http
failover link LANFAIL Port-channel1
failover interface ip LANFAIL 2001:db8:666::1/64 standby 2001:db8:666::2
failover group 1
preempt
failover group 2
secondary
preempt
e.g (slave )
failover
failover lan unit secondary <------STANDBY
failover lan interface LANFAIL Port-channel1
failover polltime unit msec 300 holdtime msec 900
failover polltime interface 2 holdtime 15
failover replication http
failover link LANFAIL Port-channel1
failover interface ip LANFAIL 2001:db8:666::1/64 standby 2001:db8:666::2
failover group 1
preempt
failover group 2
secondary
preempt
As usual you can define a ipv6 address on your ifname and specify a ipv6 address for standby
!
interface gi0/0
nameif inside_trust
security-level 100
ipv6 enable
ip address 192.168.88.1 255.255.255.0 standby 192.168.88.2
ipv6 address 2001:db8:192::1/64 standby 2001:db8:192::2
end
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( * * )=
o
/ \
No comments:
Post a Comment