Which of the following features are supported on a Cisco ASA operating in multiple context mode? (Select 2
choices.)
A.
RIP
B.
active/active failover
C.
active/standby failover
D.
QoS
E.
multicast routing
Explanation:
Active/active failover and active/standby failover are supported on a Cisco Adaptive Security Appliance (ASA)
operating in multiple context mode. In multiple context mode, you can divide a single ASA into multiple security
contexts, which function as individual virtual devices with unique policies, even though they reside on a single
piece of hardware. Multiple context mode enables the separation of different departments or business units that
share a single physical ASA. When an ASA operating in transparent firewall mode is placed into multiple
context mode, each context will also operate in transparent mode.
The following features are not supported when an ASA is operating in multiple context mode:
– Routing Information Protocol (RIP)
– Open Shortest Path First version 3 (OSPFv3)
– Threat detection- Multicast routing
– Unified Communication Services
– Quality of Service (QoS)
In an active/standby configuration, one ASA serves as the active unit and forwards traffic for network clients. A
second ASA functions as a standby unit, which monitors the status of the active unit but does not forward traffic
for network clients. If a failover event is triggered, the standby unit takes on the role of the active unit. By
contrast, an active/active failover configuration enables both ASAs to forward traffic for a select group of
security contexts. With active/active failover, two failover groups exist on each ASA. When a failover event is
triggered, the corresponding failover group on a standby unit can become active or the entire standby unit can
become the new active unit. The type of failover resolution depends on the nature of the failover event.
In multiple context mode, as in single context mode, an ASA can also be configured to run in either routed
firewall mode or transparent firewall mode. In routed mode, the firewall acts as a Layer 3 device by routing
traffic between different subnets. In transparent mode, the firewall acts as a Layer 2 bridge by passing traffic
through to destinations on the same subnet but not routing traffic to a destination on a different subnet. In
addition to the unsupported features listed above, the following features are not supported on an ASA operating
in transparent firewall mode:
– Dynamic Domain Name System (DNS)
– Dynamic Host Configuration Protocol (DHCP) relayCisco: PIX/ASA Active/Standby Failover Configuration Example: Introduction (PDF)
Cisco: PIX/ASA: Active/Active Failover Configuration Example: Introduction
Cisco: CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide: Unsupported Features