配置PIX双机failover的要点

　　nameif ethernet0 outside security0

　　nameif ethernet1 inside security100

　　nameif ethernet3 state security20

　　enable password farscape encrypted

　　password crichton encrypted

　　telnet 192.168.2.45 255.255.255.255

　　hostname pixfirewall

　　ip address outside 209.165.201.1 255.255.255.224

　　ip address inside 192.168.2.1 255.255.255.0

　　ip address state 192.168.253.1 255.255.255.252

　　failover ip address outside 209.165.201.2

　　failover ip address inside 192.168.2.2

　　failover ip address state 192.168.253.2

　　failover link state(注意:此处定义的是上文所述的“State Link”)

　　failover

　　global (outside) 1 209.165.201.3 netmask 255.255.255.224

　　nat (inside) 1 0.0.0.0 0.0.0.0 0 0

　　static (inside,outside) 209.165.201.5 192.168.2.5 netmask 255.255.255.255 0 0

　　access-list acl_out permit tcp any 209.165.201.5 eq 80

　　access-group acl_out in interface outside

　　route outside 0 0 209.165.201.4 1

　　例2 LAN-Based Failover Configuration

　　Primary设备：

　　interface ethernet0 100full

　　interface ethernet1 100full

　　interface ethernet2 100full

　　interface ethernet3 100full

　　nameif ethernet0 outside security0

　　nameif ethernet1 inside security100

　　nameif ethernet2 failover security10

　　nameif ethernet3 state security20

　　enable password farscape encrypted