Which two configurations are required on the Cisco ASAs…

Refer to the exhibit.

Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

A. stateful active/active failover

B. dynamic routing (EIGRP or OSPF or RIP)

C. ASR-group

D. no NAT-control

E. policy-based routing

F. TCP/UDP connections replication

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_active.html

Configuring Support for Asymmetrically Routed Packets

When running in Active/Active failover, a unit may receive a return packet for a connection that originated through its peer unit. Because the ASA that receives the packet does not have any connection information for the packet, the packet is dropped. This most commonly occurs when the two ASAs in an Active/Active failover pair are connected to different service providers and the outbound connection does not use a NAT address.

You can prevent the return packets from being dropped using the asr-group command on interfaces where this is likely to occur. When an interface configured with the asr-group command receives a packet for which it has no session information, it checks the session information for the other interfaces that are in the same group. If it does not find a match, the packet is dropped. If it finds a match, then one of the following actions occurs:

· If the incoming traffic originated on a peer unit, some or all of the layer 2 header is rewritten and the packet is redirected to the other unit. This redirection continues as long as the session is active.
· If the incoming traffic originated on a different interface on the same unit, some or all of the layer 2 header is rewritten and the packet is reinjected into the stream.
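
The lookup described above, as a simplified Python model (an added example, not Cisco code and not part of the original page). The interface labels, the port numbers and the assumption that the receiving unit can see the session table of every interface in its group are made up for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Interface:
    name: str                        # hypothetical label for a context interface
    unit: str                        # ASA on which that context is active
    asr_group: Optional[int] = None  # None = asr-group not configured
    sessions: set = field(default_factory=set)

def flow_key(a_ip, a_port, b_ip, b_port, proto="tcp"):
    # Direction-independent key, so a reply matches the original connection.
    return (proto, frozenset({(a_ip, a_port), (b_ip, b_port)}))

def handle_packet(rx, interfaces, key):
    """Return (action, matching interface name) for a packet arriving on rx."""
    if key in rx.sessions:
        return ("forward", rx.name)            # normal stateful path
    if rx.asr_group is None:
        return ("drop", None)                  # no session and no group to consult
    for other in interfaces:
        if other is rx or other.asr_group != rx.asr_group:
            continue
        if key in other.sessions:
            if other.unit != rx.unit:
                return ("redirect_to_peer", other.name)
            return ("reinject", other.name)    # same unit, different interface
    return ("drop", None)                      # no match anywhere in the group

def build_example(asr_enabled=True):
    """Constructed topology: the outbound flow was set up through Ctx A."""
    group = 1 if asr_enabled else None
    ctx_a = Interface("ASA One/Ctx A/outside", "ASA One", group)
    ctx_b = Interface("ASA Two/Ctx B/outside", "ASA Two", group)
    # Addresses are from the question; ports 40000 and 443 are constructed.
    key = flow_key("10.20.10.100", 40000, "10.10.10.100", 443)
    ctx_a.sessions.add(key)
    return ctx_a, ctx_b, key

if __name__ == "__main__":
    for enabled in (True, False):
        ctx_a, ctx_b, key = build_example(enabled)
        # The return packet arrives on Ctx B, which has no session for it.
        print("asr-group" if enabled else "no asr-group",
              handle_packet(ctx_b, [ctx_a, ctx_b], key))
```

With both outside interfaces in the same group the return packet is redirected to the peer unit; without the group it is dropped.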


