300-320 question 187 discussion


Which two of these correctly describe asymmetric routing and firewalls? (Choose two.)

  • A. only operational in routed mode
  • B. only operational in transparent mode
  • C. only eight interfaces can belong to an asymmetric routing group
  • D. operational in both failover and non-failover configurations
  • E. only operational when the firewall has been configured for failover
Created 11 months, 3 weeks ago by mark_3094


ASA active/active failover is required for ASR groups, so D is wrong. E is correct: https://books.google.com.au/books?id=GE41mDeQrLwC&pg=PA704&lpg=PA704&dq=asa+asr+group&source=bl&ots=EztAv-XuhJ&sig=r789sSn20_qC_L6NmDYlN9YLWoE&hl=en&sa=X&ved=0ahUKEwjs9ZOioO_UAhVCj5QKHfpwCIEQ6AEITjAF#v=onepage&q=asa%20asr%20group&f=false


D - correct; with only 1 firewall but 2 "outside" interfaces (connected to 2 different ISPs) you can still observe asymmetric routing behavior.
C - I have doubts: "Additional Guidelines and Limitations No two interfaces in the same context should be configured in the same ASR group." 8 is the limit of interfaces in traffic zones, which is another feature used to deal with asymmetric routing: https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html#65622




Answers C and D are correct.
C - https://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/pxchap.html It states under "About Asymmetric Routing Groups": "You must repeat the assignment for each interface that will participate in this ASR group. You can create up to 32 ASR groups and assign a maximum of eight interfaces to each group."
D - https://supportforums.cisco.com/document/55536/asa-asymmetric-routing-troubleshooting-and-mitigation Examples B and C show a single and a pair of firewalls.