which two verification steps should be performed if a u…

When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user
traffic? (Choose two.)

When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user
traffic? (Choose two.)

A.
Verify the interface status in the system execution space.

B.
Verify the mac-address-table on the Cisco ASA.

C.
Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.

D.
Verify the interface status in the user context.

E.
Verify the resource classes configuration by accessing the admin context.

Explanation:
http://www.ciscopress.com/articles/article.asp?p=426641
Packet Flow in Multiple Mode When the packets traverse through the security appliance in multiple mode, they are classified and forwarded to the right context. The
packets are then processed based on the configured security policies on a context. T Packet Classification In multiple mode, the security appliance must classify
the packets to find out which context should operate on them. The packet classification is done at the ingress interface point that tags the packets using the source
IP address, source port, destination IP address, destination port, and the interface or VLAN. The packet is processed based on the security policies configured in
that context.
That said we need to note also that:
System Configuration

The system administrator adds and manages contexts by configuring each context configuration location, allocated interfaces, and other context operating
parameters in the system configuration, which, like a single mode configuration, is the startup configuration. The system configuration identifies basic settings for
the security appliance. The system configuration does not include any network interfaces or network settings for itself; rather, when the system needs to access
network resources (such as downloading the contexts from the server), it uses one of the contexts that is designated as the admin context. The system
configuration does include a specialized failover interface for failover traffic only.
Context Configurations The security appliance includes a configuration for each context that identifies the security policy, interfaces, and almost all the options you
can configure on a standalone device. You can store context configurations on the internal Flash memory or the external Flash memory card, or you can download
them from a TFTP, FTP, or HTTP(S) server.



Leave a Reply 0

Your email address will not be published. Required fields are marked *