You have configured an ASA to accept SSL VPN connections. DTLS and DPD are configured on the ASA.
Which of the following is most likely to occur if a Cisco AnyConnect client that is not configured for DTLS
attempts to connect to the ASA? (Select the best answer.)
A.
The client will be unable to establish a connection to the ASA.
B.
The client will still be able to connect by using DTLS and will be able to communicate on the remote
network.
C.
The client will be able to connect by using TLS and will be able to communicate on the remote network.
D.
The client will be able to establish a connection to the ASA but will be unable to communicate on the remote
network.
Explanation:
The client will be able to connect by using Transport Layer Security (TLS) and will be able to communicate on
the remote network. Datagram TLS (DTLS) is the default transport method for Secure Sockets Layer (SSL)
virtual private network (VPN) connections on Cisco Adaptive Security Appliance (ASA) devices. However, if
DTLS is not enabled on the VPN client, TLS can be used as a fallback method for data transport. In such a
scenario, the client will establish a TLS connection and will be able to communicate on the remote network,
provided that the user has access to the client network. In order for an ASA to fall back to TLS, Dead Peer
Detection (DPD) must be enabled on the ASA. DPD is a feature that can determine whether the other end of a
link is not responding and the connection has failed. If DPD determines that the client is not responding, the
connection will revert to using TLS as the transport method.Cisco: Configuring AnyConnect VPN Client Connections: Configuring DTLS