{"id":2798,"date":"2026-01-09T21:20:00","date_gmt":"2026-01-09T21:20:00","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=2798"},"modified":"2026-01-22T19:21:31","modified_gmt":"2026-01-22T19:21:31","slug":"94-days-to-ccie-sec-v6-1-lab","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=2798","title":{"rendered":"94 Days to CCIE SEC v6.1 Lab"},"content":{"rendered":"\n

ASA and FTD Clustering<\/a><\/mark><\/strong><\/p>\n\n\n\n

Today we are going to use 2 ASAs, cluster them, and run the tests.<\/p>\n\n\n\n

Per the prerequisites, the ASA must be multi-mode; configure multiple modes. The ASA will make the changes and reboot.<\/p>\n\n\n\n

we are going to use below topology :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

On the switch, we created a Port-channel and used a sub-interface with VLAN tagging.<\/p>\n\n\n\n

SW1 – Configuration <\/strong><\/mark><\/p>\n\n\n\n

config t
!
vlan 2-4
!
interface port-channel 1
switch trunk encapsulation dot1q
switchport mode trunk
switch trunk allowed vlan 2-4
shutdown
!
interface range eth0\/0-2
switch trunk encapsulation dot1q
switchport mode trunk
switch trunk allowed vlan 2-4
channel-group 1 mode active
no shutdown
!
port-channel load-balance src-dst-ip
!
interface port-channel 1
no shut
!
end
!
wr<\/p>\n\n\n\n

ASA1 and ASA2 Configuration :<\/strong><\/mark><\/p>\n\n\n\n

ASA1 and ASA2:<\/p>\n\n\n\n

config t
!
mode Multiple
! (Both ASA reboot)<\/p>\n\n\n\n

ASA1 <\/p>\n\n\n\n

interface ethernet 2
no shutdown
interface ethernet 5
no shutdown
cluster interface-mode spanned force
cluster group cisco
local-unit ASA1
cluster-interface ethernet 5 ip 192.168.100.1 255.255.255.0
priority 1
mtu cluster 9000
mac-address auto
!<\/p>\n\n\n\n

interface port-channel 1
port-channel span-cluster
!
interface eth0
channel-group 1 mode active
no shut
!
interface eth1
channel-group 1 mode active
no shut
!
interface port-channel 1.2
vlan 2
interface port-channel 1.3
vlan 3
interface port-channel 1.4
vlan 4
!
admin-context admin
context admin
config-url disk0:admin.cfg
allocate-interface eth2 management
allocate-interface port-channel1.2
allocate-interface port-channel1.3
allocate-interface port-channel1.4
!
cluster group cisco
enable<\/p>\n\n\n\n

wr<\/p>\n\n\n\n

ASA2<\/p>\n\n\n\n

interface ethernet 2
no shutdown
interface ethernet 5
no shutdown
cluster interface-mode spanned force
cluster group cisco
local-unit ASA2
cluster-interface ethernet 5 ip 192.168.100.2 255.255.255.0
priority 2
mtu cluster 9000
mac-address auto
!
cluster group cisco
enable as-slave
!
wr<\/p>\n\n\n\n

You will notice ASA1 and ASA 2 message when they form Cluster :<\/p>\n\n\n\n

ASA1<\/p>\n\n\n\n

Cluster unit ASA1 transitioned from DISABLED to MASTER<\/p>\n\n\n\n

Beginning configuration replication to Slave ASA2
End Configuration Replication to slave.<\/p>\n\n\n\n

ASA2<\/p>\n\n\n\n

End configuration replication from Master.<\/p>\n\n\n\n

Cluster unit ASA2 transitioned from DISABLED to SLAVE<\/p>\n\n\n\n

Cluster Verifications :<\/mark><\/strong><\/p>\n\n\n\n

Switch we see port-channel up with LACP :<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

show cluster info
ASA1<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

ASA2<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Configuring inside and outside configuration :<\/mark><\/strong><\/p>\n\n\n\n

changeto context admin<\/p>\n\n\n\n

interface port-channel1.2
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface port-channel1.4
nameif outside
security-level 0
ip address 172.26.10.1 255.255.255.0
!<\/p>\n\n\n\n

Happy Labingggggggggggggggggg!<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

ASA and FTD Clustering Today we are going to use 2 ASAs, cluster them, and run the tests. Per the prerequisites, the ASA must be multi-mode; configure multiple modes. The ASA will make the changes and reboot. we are going to use below topology : On the switch, we created a Port-channel and used a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2,1],"tags":[],"class_list":["post-2798","post","type-post","status-publish","format-standard","hentry","category-ccie-sec","category-cisco","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/2798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2798"}],"version-history":[{"count":4,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/2798\/revisions"}],"predecessor-version":[{"id":2806,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/2798\/revisions\/2806"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}