Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.CD.
The correct statements about the Cisco ASA Clientless SSL VPN solution are:
B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default. C. A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
Explanation:
A. This statement is false. When a client connects to the Cisco ASA Web VPN portal and tries to access HTTP resources through the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution, not the local DNS of the client.
B. This statement is true. The Cisco ASA Clientless SSL VPN solution includes a rewriter functionality that allows the rewriting of URLs in web content to ensure that they are directed through the VPN tunnel. This feature is disabled by default, but it can be enabled with the "rewriter enable" command under the global webvpn configuration.
C. This statement is also true. A Cisco ASA can support both Clientless SSL VPN sessions and AnyConnect client sessions simultaneously. This allows different types of VPN connections to coexist on the same device and provides flexibility for different user scenarios.
D. This statement is false. The ASA uses its configured DNS servers to perform FQDN resolution, not the local DNS of the client.
E. This statement is also false. Clientless SSL VPN provides Layer 7 connectivity into the secured network, not Layer 3 connectivity. Layer 7 connectivity allows web-based applications to be accessed through the VPN, while Layer 3 connectivity would allow access to the entire network at the IP level.