Which of the following commands should you issue to allow a packet to exit an ASA through the same interface through which it entered the ASA? (Select the best answer.)

Last Updated on August 3, 2021 by Admin 3

  • same-security-traffic permit inter-interface
  • same-security-traffic permit intra-interface
  • security-level 0
  • security-level 100
  • established
Explanation:
To allow a packet to exit a Cisco Adaptive Security Appliance (ASA) through the same interface through which it entered, which is also known as hairpinning, you should issue the same-security-traffic permit intra-interface command. By default, an ASA does not allow packets to enter and exit through the same physical interface. However, because multiple logical virtual LANs (VLANs) can be assigned to the same physical interface, it is sometimes necessary to allow a packet to enter and exit through the same interface. The same-security-traffic permit intra-interface command allows packets to be sent and received from the same interface even if the traffic is protected by IP Security (IPSec) security policies. Another scenario for which you would need to use the same-security-traffic permit intra-interface command is if multiple users need to connect via virtual private network (VPN) through the same physical interface. These users will not be able to communicate with one another unless the same-security-traffic permit intra-interface command has been issued from global configuration mode.
You should not issue the same-security-traffic permit inter-interface command to allow a packet to exit through the same interface through which it entered. The same-security-traffic permit inter-interface command is used to allow communication between different interfaces that share the same security level. Typically, interfaces with the same security level are not allowed to communicate with each other.
You should not issue either the security-level 0 command or the security-level 100 command to allow a packet to exit through the same interface through which it entered. The security-level command is used to set the security level on a physical interface. Security level 0 should be used to achieve the lowest security level possible, whereas security level 100 should be used to achieve the highest security level available.
You should not issue the established command to allow a packet to exit through the same interface through which it entered. The established command is used to allow inbound traffic on any interface that has already established an outbound connection with the ASA. For example, you could issue the established tcp 4567 0 command to configure the ASA to allow an external host to initiate a connection through the ASA to an internal host after the internal host has first established a Transmission Control Protocol (TCP) connection to port 4567 on the external host. The established command is often used to support protocols such as streaming media protocols that negotiate the ports for return traffic.
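Because both same-security-traffic commands relax a default deny, a configuration review should report whether either is present and which interfaces share a security level. The following check is an added example, not part of the original question; the function name audit_same_security and the sample configuration are constructed for illustration, and the parser assumes nameif appears before security-level within each interface block.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
interface GigabitEthernet0/2
 nameif dmz1
 security-level 50
!
interface GigabitEthernet0/3
 nameif dmz2
 security-level 50
!
same-security-traffic permit intra-interface
"""

def audit_same_security(config: str) -> dict:
    """Report hairpinning / same-level forwarding and interfaces sharing a level."""
    levels, permits, nameif = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            nameif = None  # new interface block: forget the previous name
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.fullmatch(r"same-security-traffic permit (intra|inter)-interface", line):
            permits.add(m.group(1))  # a "no ..." form does not match and is ignored
    by_level = defaultdict(list)
    for name, lvl in levels.items():
        by_level[lvl].append(name)
    return {
        "hairpinning_allowed": "intra" in permits,
        "same_level_forwarding_allowed": "inter" in permits,
        "same_level_groups": {l: sorted(n) for l, n in by_level.items() if len(n) > 1},
    }
```

On the sample, the result shows hairpinning enabled while dmz1 and dmz2 (both at level 50) still cannot reach each other, because inter-interface is not configured.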
