Last Updated on August 2, 2021 by Admin 3
You are using ASDM to verify a clientless SSL VPN configuration made by a junior administrator on an ASA. Please click exhibit to answer the following questions.
Exhibit:
Which of the following statements are true regarding clientless SSL VPN connections that are made by using the boson tunnel group? (Select 3 choices.)
- VPN clients will be authenticated using the local AAA database.
- VPN clients will be authenticated using digital certificates.
- The DfltGrpPolicy group policy will be applied to the VPN connections.
- The boson_grp group policy will be applied to the VPN connections.
- No welcome banner will be displayed to VPN clients.
- A welcome banner will be displayed to VPN clients.
Virtual private network (VPN) clients will be authenticated using the local Authentication, Authorization, and Accounting (AAA) database, the boson_grp group policy will be applied to the VPN connections, and a welcome banner will be displayed to VPN clients. When configuring a tunnel group, which is also known as a connection profile, in Cisco Adaptive Security Device Manager (ASDM), you can specify a number of parameters. For example, you can specify the type of authentication to use and the default group policy to use for VPN connections made by using the tunnel group. This information can be configured or modified on the Add or Edit Clientless SSL VPN Connection Profile dialog box in ASDM. To access this dialog box in ASDM, you should click Configuration, click the Remote Access VPN button, expand Clientless SSL VPN Access, and click Connection Profiles. You should then doubleclick a connection profile, which will open the Edit Clientless SSL VPN Connection Profile dialog box for the selected connection profile. The Edit Clientless SSL VPN Connection Profile dialog box for the boson tunnel group is shown in the following exhibit:
The Authentication section of the Basic screen of the Edit Clientless SSL VPN Connection Profile dialog box indicates that the tunnel group will use the local AAA database for user authentication. Thus any VPN connections made by using this tunnel group will be authenticated against the AAA database.
The Default Group Policy section indicates that the boson_grp group policy will be applied to this connection profile. That is, the settings in the boson_grp group policy will apply to VPN users who connect by using the boson tunnel group.
You can view the details of the boson_grp group policy to determine whether a banner message will be displayed to VPN clients. This information is displayed on the Generalpane of the Add or Edit Internal Group Policy dialog box. To view the details of an existing group policy for clientless SSL VPN users in ASDM, you should click Configuration, expand Clientless SSL VPN Access, and click Group Policies. You can then doubleclick boson_grp, which will open the Edit Internal Group Policy dialog box, which is shown in the following exhibit:
The Banner entry contains a value of Welcome to Boson Software! Because VPN connections made by using the boson tunnel group will use the boson_grp group policy, you can determine that VPN users will be shown a welcome banner in this scenario.