You are using ASDM to verify a clientless SSL VPN configuration made by a junior administrator on an ASA. Please click exhibit to answer the following questions.
Which of the following tunneling protocols will the jane user account be able to use when establishing a clientless SSL VPN connection by using the boson tunnel group? (Select the best answer.)
Exhibit:
A. only clientless SSL VPN
B. only SSL VPN client
C. only IPSec
D. only L2TP/IPSec
E. both client and clientless SSL VPN
F. both clientless SSL VPN and IPSec
Explanation:
The jane user account will be able to use only the clientless Secure Sockets Layer (SSL) virtual private network (VPN) tunneling protocol when establishing a clientless SSL VPN connection by using the boson tunnel group. You can specify the tunneling protocols that can be used to establish a connection to a tunnel group, which is also known as a connection profile, either in a group policy or within a user account, depending on whether the tunneling protocol configuration should be applied to a group or to a single user.
When you configure a tunneling protocol, you can specify one or more of the following four options: Clientless SSL VPN, SSL VPN Client, IPSec, or L2TP/IPSec.
In this scenario, you can view the tunneling protocols that are configured for the jane user account by accessing her user account information in Cisco Adaptive Security Device Manager (ASDM) by clicking Configuration, clicking the Remote Access VPN button, expanding AAA/Local Users, clicking Local Users, and doubleclicking the jane user account, which will open the Edit User Account dialog box. You should then click VPN Policy, which will display a pane that includes a Tunneling Protocols entry. This entry for the jane user account is configured with the Inherit option, which means that the tunneling protocols that the jane user account can use will be inherited from a group policy that is associated with the jane user account. In this scenario, the jane user account is associated with the boson_grp group policy.
To view the tunneling protocols that are associated with the boson_grp group policy in ASDM, you should click Configuration, click the Remote Access VPN button, expand Clientless SSL VPN Access, select Group Policies, and double click boson_grp, which will open the Edit Internal Group Policy dialog box. The More Options section on the General pane displays the Tunneling Protocols entry. Only the Clientless SSL VPNoption is selected, as shown in the following exhibit:
Reference:
Cisco: General VPN Setup: Adding or Editing a Remote Access Internal Group Policy, General Attributes