Cisco
300-730 · Question #160
300-730 Question #160: Real Exam Question with Answer & Explanation
The correct answer is A: DHCP. In an ASA VPN load-balancing cluster serving thousands of daily AnyConnect connections, a centralized DHCP server prevents IP address overlap by maintaining a single authoritative lease table across all ASAs.
Question
Two Cisco ASAs are set up in a VPN load-balancing configuration to an environment where there are thousands of unique Cisco AnyConnect connections per day. Which scalable IP address assignment method must be implemented on the ASAs to achieve minimal overlap when assigning IP addresses from the same subnet to AnyConnect clients?
Options
- ADHCP
- Blocal
- CRADIUS framed IP address
- DRADIUS address pools
Explanation
In an ASA VPN load-balancing cluster serving thousands of daily AnyConnect connections, a centralized DHCP server prevents IP address overlap by maintaining a single authoritative lease table across all ASAs.
Common mistakes.
- B. Local address pools are managed independently on each ASA, meaning two ASAs can assign the same IP address from the same subnet to different clients simultaneously, causing overlap and routing failures.
- C. RADIUS framed IP assigns a static IP per individual user account, which does not scale to thousands of unique daily connections involving dynamic or unknown users.
- D. RADIUS address pools delegate pool selection to RADIUS but each pool is still assigned and tracked per ASA, which does not prevent the same address from being issued by two different ASAs sharing the same subnet.
Concept tested. Scalable IP address assignment for ASA VPN load balancing
Community Discussion
No community discussion yet for this question.