You are using ASDM to verify a clientless SSL VPN configuration made by a junior administrator on an ASA.Please click exhibit to answer the following questions.
Exhibit:
Which of the following statements are true regarding clientless SSL VPN connections that are made by using
the boson tunnel group? (Select 3 choices.)
A.
VPN clients will be authenticated using the local AAA database.
B.
VPN clients will be authenticated using digital certificates.
C.
The DfltGrpPolicy group policy will be applied to the VPN connections.
D.
The boson_grp group policy will be applied to the VPN connections.
E.
No welcome banner will be displayed to VPN clients.
F.
A welcome banner will be displayed to VPN clients.
Explanation:
Virtual private network (VPN) clients will be authenticated using the local Authentication, Authorization, and
Accounting (AAA) database, the boson_grp group policy will be applied to the VPN connections, and a welcome
banner will be displayed to VPN clients. When configuring a tunnel group, which is also known as a connection
profile, in Cisco Adaptive Security Device Manager (ASDM), you can specify a number of parameters. For
example, you can specify the type of authentication to use and the default group policy to use for VPN
connections made by using the tunnel group. This information can be configured or modified on the Add or Edit
Clientless SSL VPN Connection Profile dialog box in ASDM. To access this dialog box in ASDM, you should
click Configuration, click the Remote Access VPN button, expand Clientless SSL VPN Access, and click
Connection Profiles. You should then doubleclick a connection profile, which will open the Edit Clientless SSL
VPN Connection Profile dialog box for the selected connection profile. The Edit Clientless SSL VPN Connection
Profile dialog box for the boson tunnel group is shown in the following exhibit:The Authentication section of the Basic screen of the Edit Clientless SSL VPN Connection Profile dialog box
indicates that the tunnel group will use the local AAA database for user authentication. Thus any VPN
connections made by using this tunnel group will be authenticated against the AAA database.
The Default Group Policy section indicates that the boson_grp group policy will be applied to this connection
profile. That is, the settings in the boson_grp group policy will apply to VPN users who connect by using the
boson tunnel group.
You can view the details of the boson_grp group policy to determine whether a banner message will be
displayed to VPN clients. This information is displayed on the Generalpane of the Add or Edit Internal Group
Policy dialog box. To view the details of an existing group policy for clientless SSL VPN users in ASDM, youshould click Configuration, expand Clientless SSL VPN Access, and click Group Policies. You can then
doubleclick boson_grp, which will open the Edit Internal Group Policy dialog box, which is shown in the following
exhibit:The Banner entry contains a value of Welcome to Boson Software! Because VPN connections made by using
the boson tunnel group will use the boson_grp group policy, you can determine that VPN users will be shown a
welcome banner in this scenario.Cisco: Configuring Tunnel Groups, Group Policies, and Users: Connection Profiles
Cisco: General VPN Setup: Adding or Editing a Remote Access Internal Group Policy, General Attributes