300-730 · Question #148
300-730 Question #148: Real Exam Question with Answer & Explanation
The correct answer is C: Configure a dynamic split tunnel exclusion.. When full-tunnel VPN is in use, cloud-based applications like Webex suffer high RTT because traffic is backhauled through the corporate data center before reaching the internet. A dynamic split tunnel exclusion resolves this by allowing Webex traffic to egress directly.
Question
Options
- AConfigure QoS on the outside interface of the ASA.
- BConfigure Cisco AnyConnect to use DTLS.
- CConfigure a dynamic split tunnel exclusion.
- DReduce the Cisco AnyConnect tunnel MTU.
Explanation
When full-tunnel VPN is in use, cloud-based applications like Webex suffer high RTT because traffic is backhauled through the corporate data center before reaching the internet. A dynamic split tunnel exclusion resolves this by allowing Webex traffic to egress directly.
Common mistakes.
- A. Configuring QoS on the ASA outside interface prioritizes traffic within the existing path but does not reduce the fundamental RTT penalty caused by routing Webex traffic through the corporate data center.
- B. Switching AnyConnect from TLS to DTLS reduces per-packet overhead and head-of-line blocking but does not change the traffic path, so the cloud backhauling latency problem remains.
- D. Reducing the tunnel MTU influences fragmentation behavior, but the packet analysis explicitly shows no IP fragments, confirming that MTU is not contributing to the performance degradation.
Concept tested. Cisco AnyConnect dynamic split tunnel exclusion for cloud app performance
Community Discussion
No community discussion yet for this question.