Cisco
300-320 · Question #59
300-320 Question #59: Real Exam Question with Answer & Explanation
The correct answer is C: Assign similar interfaces on each firewall to the same asymmetric routing group.. Assigning interfaces on both firewalls to the same asymmetric routing (ASR) group allows the standby unit to forward return traffic correctly when packets arrive on a different unit than the one that saw the outbound flow.
Question
Which option prevents the dropping of asymmetrically routed packets in active/active failover paired firewalls?
Options
- ANothing can be done to prevent this from happening.
- BConfigure different policies on both firewalls.
- CAssign similar interfaces on each firewall to the same asymmetric routing group.
- DAssign similar interfaces on each firewall to a different asymmetric routing group.
Explanation
Assigning interfaces on both firewalls to the same asymmetric routing (ASR) group allows the standby unit to forward return traffic correctly when packets arrive on a different unit than the one that saw the outbound flow.
Common mistakes.
- A. ASR groups on Cisco ASA active/active failover are specifically designed to handle asymmetric routing, so the problem is preventable.
- B. Configuring different policies on each firewall does not resolve the state mismatch problem caused by return traffic arriving on the wrong unit.
- D. Assigning interfaces to different ASR groups means the two units cannot share connection state for those interfaces, which worsens the problem rather than resolving it.
Concept tested. ASA active/active failover asymmetric routing groups
Community Discussion
No community discussion yet for this question.