300-730 · Question #208
300-730 Question #208: Real Exam Question with Answer & Explanation
The correct answer is D: Add port mapping for the new server to the existing port forwarding list.. In Clientless SSL VPN, port forwarding lists define which internal TCP-based applications are accessible through the Application Access feature. Adding the new server to the existing list makes it immediately available to all group policies already referencing that list.
Question
Options
- AConfigure identity NAT for the new server.
- BAllow HTTPS traffic to the new server in an access list bound to the outside interface.
- CCreate a new port forwarding list for the new server and enable the list in a group policy.
- DAdd port mapping for the new server to the existing port forwarding list.
Explanation
In Clientless SSL VPN, port forwarding lists define which internal TCP-based applications are accessible through the Application Access feature. Adding the new server to the existing list makes it immediately available to all group policies already referencing that list.
Common mistakes.
- A. Identity NAT is used for address translation exemptions and has no effect on which servers Clientless SSL VPN users can reach through port forwarding.
- B. An access list on the outside interface controls inbound connections to the ASA itself, not the internal resources reachable by already-authenticated Clientless SSL VPN users.
- C. Creating a new port forwarding list would also require updating every relevant group policy to reference the new list, making it unnecessarily complex compared to adding the server to the existing list.
Concept tested. Clientless SSL VPN port forwarding list management
Topics
Community Discussion
No community discussion yet for this question.