ExamGecko
Search Search Login
Home Home / Cisco / 300-730
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

Question 136 - 300-730 discussion

Report
Export

A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?

A.

Define group aliases on the headend and have the user pick the appropriate alias when they connect

Answers
A.

Define group aliases on the headend and have the user pick the appropriate alias when they connect

B.

Define group-urls on the headend and create two XML profiles to match the administrator and user group urls

Answers
B.

Define group-urls on the headend and create two XML profiles to match the administrator and user group urls

C.

Create a certificate map and match on the appropriate certificate fields

Answers
C.

Create a certificate map and match on the appropriate certificate fields

D.

Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.

Answers
D.

Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.

Suggested answer: B

Explanation:

According to the documentConfigure FlexVPN: AnyConnect IKEv2 Remote Access with Local UserDatabase, one way to separate profiles for administrators and employees is to use group-urls on theheadend and create two XML profiles to match the administrator and user group urls. This allows theheadend to assign different group-policies and tunnel-groups based on the group-url that the userconnects to. For example:webvpn enable outside anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg 1anyconnect enable tunnel-group-list enable group-policy Admin internal group-policy Admin attributesvpn-tunnel-protocol ikev2 ssl-client address-pools value AdminPool group-policy User internal group-policy User attributes vpn-tunnel-protocol ikev2 ssl-client address-pools value UserPool tunnel-groupAdmin type remote-access tunnel-group Admin general-attributes default-group-policy Admin tunnel-group Admin webvpn-attributes group-url https://10.0.0.1/Admin enable tunnel-group User typeremote-access tunnel-group User general-attributes default-group-policy User tunnel-group Userwebvpn-attributes group-url https://10.0.0.1/User enableThe XML profiles can be created with the AnyConnect Profile Editor and uploaded to the headend. Theprofile for administrators should have the server list entry as:<ServerList> <HostEntry> <HostName>Admin</HostName> <HostAddress>10.0.0.1</HostAddress><PrimaryProtocol>IPsec</PrimaryProtocol> <UserGroup>Admin</UserGroup> </HostEntry></ServerList>The profile for users should have the server list entry as:<ServerList> <HostEntry> <HostName>User</HostName> <HostAddress>10.0.0.1</HostAddress><PrimaryProtocol>IPsec</PrimaryProtocol> <UserGroup>User</UserGroup> </HostEntry> </ServerList>This way, when the user connects to the headend, they can choose either Admin or User from the drop-down list and get the appropriate authorization based on their group-url.

Show Answer
asked 10/10/2024
Elvis WANDJI NGASSA
43 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms