hostname NGFW-unit1
names
ip local pool mgt-pool 10.208.224.16-10.208.72.20
asa1:
interface TenGigabitEthernet0/8
channel-group 48 mode active
interface TenGigabitEthernet0/9
channel-group 48 mode active
cluster interface-mode spanned check-details
cluster group calm
key move
local-unit unit1
cluster-interface port-channel 48 ip 172.16.1.17 255.255.255.0
priority 1
enable noconfirm
mtu cluster 9000
interface port-channel 48
shutdown
no shutdown
asa2:
interface TenGigabitEthernet0/8
channel-group 48 mode active
interface TenGigabitEthernet0/9
channel-group 48 mode active
cluster interface-mode spanned check-details
cluster group calm
key move
local-unit unit2
cluster-interface port-channel 48 ip 172.16.1.18 255.255.255.0
priority 2
enable noconfirm
mtu cluster 9000
interface port-channel 48
shutdown
no shutdown
!
interface GigabitEthernet0/0
channel-group 8 mode active
no security-level
no ip address
!
interface GigabitEthernet0/1
channel-group 1 mode active
no security-level
no ip address
!
interface GigabitEthernet0/2
channel-group 2 mode active
no security-level
no ip address
!
interface GigabitEthernet0/3
channel-group 3 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
channel-group 4 mode active
no security-level
no ip address
!
interface GigabitEthernet0/5
channel-group 5 mode active
no security-level
no ip address
!
interface GigabitEthernet0/6
channel-group 6 mode active
no security-level
no ip address
!
interface GigabitEthernet0/7
channel-group 7 mode active
no security-level
no ip address
!
interface Management0/0
management-only
nameif mgt
security-level 0
ip address 10.208.224.16 255.255.255.0 cluster-pool mgt-pool
!
interface Port-channel48
description Clustering Interface
!
interface Port-channel1
lacp max-bundle 8
port-channel span-cluster
nameif sc
security-level 50
ip address 192.168.1.211 255.255.255.248
shut
no shut
mac-address xx.xx.xx.xx
!
interface Port-channel2
lacp max-bundle 8
port-channel span-cluster
nameif oa
security-level 50
ip address xxxx
!
interface Port-channel3
lacp max-bundle 8
port-channel span-cluster
nameif dhdp
security-level 50
ip address xxxx
!
interface Port-channel4
lacp max-bundle 8
port-channel span-cluster
nameif zd
security-level 50
ip address xxxx
!
interface Port-channel5
lacp max-bundle 8
port-channel span-cluster
nameif tdb
security-level 50
ip address xxxx
!
interface Port-channel6
lacp max-bundle 8
port-channel span-cluster
nameif vpdn
security-level 50
ip address xxxx
!
interface Port-channel7
lacp max-bundle 8
port-channel span-cluster
nameif lxlf
security-level 50
ip address xxxx
!
interface Port-channel8
lacp max-bundle 8
port-channel span-cluster
nameif service
security-level 50
ip address xxxx
!
boot system disk0:/asa962-7-smp-k8.bin
asdm image disk0:/asdm-762-150.bin
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 mgt
Crypto
crypto ???
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 mgt
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
username admin password vc3pgvGjCkXPuMjb encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
inspect icmp
!
本文出自 “ksitigarbha” 博客,请务必保留此出处http://ksitigarbha.blog.51cto.com/1013724/1894214
Cisco ASA 5585 with firepower configuration 简易配置
原文:http://ksitigarbha.blog.51cto.com/1013724/1894214