Which of the following features are supported on a Cisco ASA operating in multiple context mode? (Select 2 choices.)
- active/active failover
- active/standby failover
- multicast routing
Active/active failover and active/standby failover are supported on a Cisco Adaptive Security Appliance (ASA) operating in multiple context mode. In multiple context mode, you can divide a single ASA into multiple security contexts, which function as individual virtual devices with unique policies, even though they reside on a single piece of hardware. Multiple context mode enables the separation of different departments or business units that share a single physical ASA. When an ASA operating in transparent firewall mode is placed into multiple context mode, each context will also operate in transparent mode.
The following features are not supported when an ASA is operating in multiple context mode:
– Routing Information Protocol (RIP)
– Open Shortest Path First version 3 (OSPFv3)
– Threat detection
– Multicast routing
– Unified Communication Services
– Quality of Service (QoS)
In an active/standby configuration, one ASA serves as the active unit and forwards traffic for network clients. A second ASA functions as a standby unit, which monitors the status of the active unit but does not forward traffic for network clients. If a failover event is triggered, the standby unit takes on the role of the active unit. By contrast, an active/active failover configuration enables both ASAs to forward traffic for a select group of security contexts. With active/active failover, two failover groups exist on each ASA. When a failover event is triggered, the corresponding failover group on a standby unit can become active or the entire standby unit can become the new active unit. The type of failover resolution depends on the nature of the failover event.
In multiple context mode, as in single context mode, an ASA can also be configured to run in either routed firewall mode or transparent firewall mode. In routed mode, the firewall acts as a Layer 3 device by routing traffic between different subnets. In transparent mode, the firewall acts as a Layer 2 bridge by passing traffic through to destinations on the same subnet but not routing traffic to a destination on a different subnet. In addition to the unsupported features listed above, the following features are not supported on an ASA operating in transparent firewall mode:
– Dynamic Domain Name System (DNS)
– Dynamic Host Configuration Protocol (DHCP) relay