300-730 Question #187: Real Exam Question with Answer & Explanation

The correct answer is B: It binds group policy and vpn together.. A tunnel-group (connection profile) on Cisco ASA acts as the binding object that ties together a group policy, authentication method, and VPN connection type for Secure Client remote-access sessions.

Remote Access VPN

Question

What is the role of a tunnel-group configuration of Secure Client remote-access vpn on Cisco ASA?

Options

AIt enables clientless webvpn.
BIt binds group policy and vpn together.
CIt configures a Secure Client group policy.
DIt provides an IP address pool.

Explanation

A tunnel-group (connection profile) on Cisco ASA acts as the binding object that ties together a group policy, authentication method, and VPN connection type for Secure Client remote-access sessions.

Common mistakes.

A. Enabling clientless WebVPN is done through the 'webvpn' configuration block on the ASA interface, not through the tunnel-group.
C. A Secure Client group policy is configured separately using the 'group-policy' command; the tunnel-group references that policy but does not itself define the policy attributes.
D. IP address pools are defined with the 'ip local pool' command and then assigned within the group-policy or tunnel-group general-attributes, but providing a pool is not the primary defining role of the tunnel-group.

Concept tested. Cisco ASA tunnel-group role in remote-access VPN

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/vpn/asa-914-vpn-config/vpn-remote-access.html

Topics

#tunnel-group#group policy#Secure Client#ASA

Community Discussion

No community discussion yet for this question.

Full 300-730 Practice