2 Comments on “Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?”

1. me says:

   October 23, 2014 at 4:53 pm

   Answer is A.

   asa(config-group-policy)# vpn-filter ?

   group-policy mode commands/options:
   none Specify that no filter will be applied to users
   value Specify the name of a filter that will be applied to users
   asa(config-group-policy)# vpn-filter none

   
   
   
   0

   
   
   
   1
2. Unicast says:

   March 17, 2016 at 12:51 pm

   Specifying the Access List for Clientless SSL VPN Sessions

   Specify the name of the access list to use for clientless SSL VPN sessions for this group policy or username by using the filter command in webvpn mode. Clientless SSL VPN access lists do not apply until you enter the filter command to specify them.

   To remove the access list, including a null value created by issuing the filter none command, enter the no form of this command. The no option allows inheritance of a value from another group policy. To prevent inheriting filter values, enter the filter value none command.

   Access lists for clientless SSL VPN sessions do not apply until you enter the filter command to specify them.

   You configure ACLs to permit or deny various types of traffic for this group policy. You then enter the filter command to apply those ACLs for clientless SSL VPN traffic.

   hostname(config-group-webvpn)# filter {value ACLname | none}

   hostname(config-group-webvpn)# no filter

   The none keyword indicates that there is no webvpntype access list. It sets a null value, thereby disallowing an access list and prevents inheriting an access list from another group policy.

   The ACLname string following the keyword value provides the name of the previously configured access list.

   http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_groups.html

   
   
   
   1

   
   
   
   0