The naming convention of the hardware is [zone location]-[Hardware Type]
-
Define the hardware hostname
ciscoasa#
conf tciscoasa(config)#
hostname LAN-Firewall
Even if it is not a production project, I like to get into the good habit of not exposing passwords and using the environment variables made available by Github.
-
Control access for enable (privileged) mode use of scrypt as the hashing algorithm
LAN-Firewall(config)#
enable algorithm-type scrypt secret ${{secrets.CREDENTIAL_SECRET}} -
Set username/secret(password) for authentification
LAN-Firewall(config)#
username admin algorithm-type scrypt secret ${{secrets.CREDENTIAL_SECRET}} -
Command line configuration to use locally configured username/secret pairs
LAN-Firewall(config)#
line con 0LAN-Firewall(config-line)#
login localLAN-Firewall(config-line)#
exit -
Terminal access configuration to use locally configured username/secret pairs
LAN-Firewall(config)#
line vty 0 4LAN-Firewall(config-line)#
login localLAN-Firewall(config-line)#
exit
-
Setup failover interface on the secondary firewall
LAN-Firewall(config)#
failover lan unit secondaryLAN-Firewall(config)#
int g0/2LAN-Firewall(config)#
no shut -
Assign the failover Ip-Address on the secondary firewall (FAILOVER will be the name assigned to the interface).
LAN-Firewall(config)#
failover lan interface FAILOVER g0/2LAN-Firewall(config)#
failover interface ip FAILOVER 172.16.55.1 255.255.255.252 standby 172.16.55.2LAN-Firewall(config)#
failover key ${{secrets.CREDENTIAL_SECRET}}LAN-Firewall(config)#
failover link FAILOVERLAN-Firewall(config)#
failover -
Each time a configuration will be saved on the primary (LAN-Firewall-1), the secundary/mate (LAN-Firewall) will received it.
LAN-Firewall/stby(config)#