Topology:

Scenario:
You are the network security manager for your organization.
Your manager has received a request to allow an external user to access to your HQ and DM2
servers.
You are given the following connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by accessing
the Guest PC. Not all AS DM screens are active for this exercise.
Also, for this exercise, all changes are automatically applied to the ASA and you will not have to
click APPLY to apply the changes manually.
• Enable Clientless SSL VPN on the outside interface
• Using the Guest PC, open an Internet Explorer window and test and verify
the basic connection to the SSL VPN portal using address: https://vpnsecure-x.public
• a. You may notice a certificate error in the status bar, this can be
ignored for this exercise
• b. Username: vpnuser
• c. Password: cisco123
• d. Logout of the portal once you have verified connectivity
• Configure two bookmarks with the following parameters:
• a. Bookmark List Name: MY-BOOKMARKS
• b. Use the: URL with GET or POST method
• c. Bookmark Title: HQ-Server
• i. http://10.10.3.20
• d. Bookmark Title: DMZ-Server-FTP
• i. ftp://172.16.1.50
• e. Assign the configured Bookmarks to:
• i. DfltGrpPolicy

• ii. DfltAccessPolicy
• iii. LOCAL User: vpnuser
• From the Guest PC, reconnect to the SSL VPN Portal
• Test both configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless
SSL VPN connectivity.
Topology:

Scenario:
You are the network security manager for your organization.
Your manager has received a request to allow an external user to access to your HQ and DM2
servers.
You are given the following connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by accessing
the Guest PC. Not all AS DM screens are active for this exercise.
Also, for this exercise, all changes are automatically applied to the ASA and you will not have to
click APPLY to apply the changes manually.
• Enable Clientless SSL VPN on the outside interface
• Using the Guest PC, open an Internet Explorer window and test and verify
the basic connection to the SSL VPN portal using address: https://vpnsecure-x.public
• a. You may notice a certificate error in the status bar, this can be
ignored for this exercise
• b. Username: vpnuser
• c. Password: cisco123
• d. Logout of the portal once you have verified connectivity
• Configure two bookmarks with the following parameters:
• a. Bookmark List Name: MY-BOOKMARKS
• b. Use the: URL with GET or POST method
• c. Bookmark Title: HQ-Server
• i. http://10.10.3.20
• d. Bookmark Title: DMZ-Server-FTP
• i. ftp://172.16.1.50
• e. Assign the configured Bookmarks to:
• i. DfltGrpPolicy

• ii. DfltAccessPolicy
• iii. LOCAL User: vpnuser
• From the Guest PC, reconnect to the SSL VPN Portal
• Test both configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless
SSL VPN connectivity.
Topology:

Answer: See the explanation

Explanation:
First, enable clientless VPN access on the outside interface by checking the box found below:

Then, log in to the given URL using the vpnuser/cisco123 credentials:

Logging in will take you to this page, which means you have now verified basic connectivity:

Now log out by hitting the logout button.
Now, go back to the ASDM and navigate to the Bookmarks portion:

Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the
instructions:

Ensure the “URL with GET of POST method” button is selected and hit OK:

Add the two bookmarks as given in the instructions:

Hit OK and you will see this:

Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button.
Then, click on the appropriate check boxes as specified in the instructions and hit OK.

After hitting OK, you will now see this:

Then, go back to the Guest-PC, log back in and you should be able to test out the two new
bookmarks.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Lenia

Lenia

Nore 2018 New 300-208 Questions and Answers:

QUESTION 180
You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?

A. Configure start before logon in the client profile.
B. Configure a group policy to prompt the user to download the updated module.
C. Define the modules for download in the client profile.
D. Define the modules for download in the group policy.

Answer: A

QUESTION 181
Which feature do you include in a highly available system to account for potential site failures?

A. geographical separation of redundant devices
B. hot/standby failover pairs
C. Cisco ACE load-balancing with VIP
D. dual power supplies

Answer: A

QUESTION 182
Refer to the exhibit. Which VPN solution does this configuration represent?

A. DMVPN
B. GETVPN
C. FlexVPN
D. site-to-site

Answer: B

QUESTION 183
Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?

A. site-to-site
B. business-to-business
C. Clientless SSL
D. DMVPN

Answer: C

QUESTION 184
Refer to the exhibit. Which VPN solution does this configuration represent?

A. Cisco AnyConnect (IKEv2)
B. site-to-site
C. DMVPN
D. SSL VPN

Answer: D

QUESTION 185
What must be enabled in the web browser of the client computer to support Clientless SSL VPN?

A. cookies
B. ActiveX
C. Silverlight
D. popups

Answer: A

QUESTION 186
Which VPN feature allows remote access clients to print documents to local network printers?

A. Reverse Route Injection
B. split tunneling
C. loopback addressing
D. dynamic virtual tunnels

Answer: B

QUESTION 187
Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?

A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download
B. instructing users to use the corporate proxy server for all web browsing
C. disabling split tunneling
D. permitting local LAN access

Answer: C

QUESTION 188
Which option is an example of an asymmetric algorithm?

A. 3DES
B. IDEA
C. AES
D. RSA

Answer: D

More New 300-209 Practice Tests: https://www.braindump2go.com/300-209.html