Which option is one way to *MITIGATE* asymmetric routing on an active/active firewall setup for TCP-based connections?
A. Performing packet captures
B. Disabling asr-group commands on interfaces that are likely to receive asymetric traffic
C. Replacing them with redundant routers and allowing load balancing
D. Disabling stateful TCP checks
D.
https://community.cisco.com/t5/security-documents/asa-asymmetric-routing-troubleshooting-and-mitigation/ta-p/3117045#toc-hId–668687005
Specifically for TCP-based connections, disabling stateful TCP checks can help mitigate asymmetric routing. When TCP state checks are disabled, the ASA can allow packets in a TCP connection even if the ASA didn’t see the entire TCP 3-way handshake.