Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 11 Configuring Dynamic And Static Routing
ASR Group
Modes
The following table shows the modes in which this feature is available:
ASR Group
Use the ASR Group screen to assign asynchronous routing group ID numbers to interfaces.
In some situations, return traffic for a session may be routed through a different interface than it
originated from. In failover configurations, return traffic for a connection that originated on one unit may
return through the peer unit. This most commonly occurs when two interfaces on a single security
appliance, or two security appliances in a failover pair, are connected to different service providers and
the outbound connection does not use a NAT address. By default, the security appliance drops the return
traffic because there is no connection information for the traffic.
You can prevent the return traffic from being dropped using an ASR Group on interfaces where this is
likely to occur. When an interface configured with an ASR Group receives a packet for which it has no
session information, it checks the session information for the other interfaces that are in the same group.
If it does not find a match, the packet is dropped. If it finds a match, then one of the following actions
occurs:
• If the incoming traffic originated on a peer unit in a failover configuration, some or all of the layer
  2 header is rewritten and the packet is redirected to the other unit. This redirection continues as long
  as the session is active.
• If the incoming traffic originated on a different interface on the same unit, some or all of the layer
  2 header is rewritten and the packet is reinjected into the stream.
Prerequisites
You must enable Stateful Failover for session information to be passed from the standby failover group
to the active failover group.
Fields
The ASR Group table displays the following information for each interface on the security appliance:
• Interface—Displays the name of the interface on the security appliance.
• ASR Group ID—Displays the number of the ASR Group the interface belongs to. If the interface
  has not been assigned an ASR Group number, this column displays “-- None --”. Valid values are
  from 1 to 32.
  To assign an ASR Group number to an interface, click the ASR Group ID cell in the row of the
  desired interface. A list of valid ASR Group numbers appears. Select the desired ASR Group number
  from the list. You can assign a maximum of 8 interfaces to a single ASR Group. If other contexts
  have interfaces assigned to an ASR Group, those interfaces count against the total of 8, even for the
  context currently being configured.
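
The lookup and the limits described above, as a simplified Python model. This is an added example, not Cisco code: the class, function names, action labels and sample topology are assumptions made for illustration, and session replication between failover units is reduced to a per-interface set of flows.

```python
# Simplified model of the ASR Group lookup (added example, not Cisco code).
from dataclasses import dataclass, field
from typing import Optional

MAX_GROUP_ID = 32          # valid ASR Group IDs: 1 to 32
MAX_IFACES_PER_GROUP = 8   # counted across all contexts

@dataclass
class Interface:
    name: str
    unit: str                          # "local" or "peer" in a failover pair
    asr_group: Optional[int] = None    # None corresponds to "-- None --"
    sessions: set = field(default_factory=set)

def validate(interfaces):
    """Return violations of the ID range and the 8-interface limit."""
    problems, members = [], {}
    for i in interfaces:
        if i.asr_group is None:
            continue
        if not 1 <= i.asr_group <= MAX_GROUP_ID:
            problems.append(f"{i.name}: group ID {i.asr_group} out of range")
        members.setdefault(i.asr_group, []).append(i.name)
    for gid, names in members.items():
        if len(names) > MAX_IFACES_PER_GROUP:
            problems.append(f"group {gid}: {len(names)} interfaces exceeds limit")
    return problems

def handle_packet(ingress, flow, interfaces):
    """Decide the fate of a packet for `flow` arriving on `ingress`."""
    if flow in ingress.sessions:
        return "forward"               # ordinary stateful match
    if ingress.asr_group is None:
        return "drop"                  # default behaviour: no session info
    for other in interfaces:
        if other is ingress or other.asr_group != ingress.asr_group:
            continue
        if flow in other.sessions:     # session known elsewhere in the group
            return "redirect-to-peer" if other.unit != ingress.unit else "reinject"
    return "drop"                      # no match in the whole group

def sample_topology():
    """Constructed sample: group 1 on one unit, group 2 across a failover pair."""
    flow = ("10.1.1.5", 40000, "198.51.100.7", 443, "tcp")
    isp_a = Interface("outside-a", "local", 1, {flow})
    isp_b = Interface("outside-b", "local", 1)
    peer = Interface("outside-p", "peer", 2, {flow})
    peer_in = Interface("outside-q", "local", 2)
    dmz = Interface("dmz", "local")
    return flow, [isp_a, isp_b, peer, peer_in, dmz]
```

Run validate() over the interfaces of every context together, since interfaces in other contexts count against the limit of 8.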
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——