Home » Cisco » 300-101 » Which option is one way to *MITIGATE* asymmetric routing on an active/active firewall setup for TCP-based connections?

Which option is one way to MITIGATE asymmetric routing on an active/active firewall setup for TCP-based connections?

08/09/2017 – by Mod_GuideK 1

Which option is one way to *MITIGATE* asymmetric routing on an active/active firewall setup for TCP-based connections?
A. Performing packet captures
B. Disabling asr-group commands on interfaces that are likely to receive asymetric traffic
C. Replacing them with redundant routers and allowing load balancing
D. Disabling stateful TCP checks

SHOW ANSWERS

One thought on “Which option is one way to MITIGATE asymmetric routing on an active/active firewall setup for TCP-based connections?”

Nakayan says:

12/15/2019 at 11:27 AM

D.

https://community.cisco.com/t5/security-documents/asa-asymmetric-routing-troubleshooting-and-mitigation/ta-p/3117045#toc-hId–668687005

Specifically for TCP-based connections, disabling stateful TCP checks can help mitigate asymmetric routing. When TCP state checks are disabled, the ASA can allow packets in a TCP connection even if the ASA didn’t see the entire TCP 3-way handshake.

Reply

One thought on “Which option is one way to *MITIGATE* asymmetric routing on an active/active firewall setup for TCP-based connections?”

Leave a Reply Cancel reply

One thought on “Which option is one way to MITIGATE asymmetric routing on an active/active firewall setup for TCP-based connections?”