300-730 Exam Dumps - Cisco CCNP Security Questions and Answers

the show crypto ukev2 sa output from the ASA, the local selector is 192.168.0.0/24 the remote selector is 172.16.2.0/24 ( which is wrong , should be .20.0/24) . so , the ACL in the ASA should be to permit 192.168.0.0/24 to 172.16.20.0/24

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dplane/configuration/xe-16-8/sec-ipsec-data-plane-xe-16-8-book/sec-ipsec-antireplay.html#GUID-1FF00FBB-0746-48B2-A02A-2BB066BEDEF8

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/webvpn.html

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116528-config-flexvpn-00.html

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.pdf

HTTP (Hypertext Transfer Protocol) is used for transferring web resources, such as web pages and HTML documents, across the internet. CIFS (Common Internet File System) is used for sharing files and printers between computers on a network. ICA (Citrix), VNC (Virtual Network Computing), and RDP (Remote Desktop Protocol) are not enabled by default on the Cisco ASA Clientless SSL VPN portal.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config/webvpn-configure-gateway.html

According to the Implementing Secure Solutions with Virtual Private Networks (SVPN) documents and learning resources available at cisco.com, the two features that provide headend resiliency for Cisco AnyConnect clients are:

• AnyConnect Backup Servers: This feature allows the AnyConnect client to automatically connect to a backup server in case the primary server is unreachable or fails. The backup server list is configured on the ASA or IOS headend and pushed to the client during the VPN connection establishment. The client can also manually select a backup server from the list if needed. This feature enhances the availability and reliability of the VPN service for the clients12.
• ASA failover: This feature enables two identical ASAs to be paired together as an active/standby or active/active pair. The ASAs synchronize their configuration and state information and monitor each other’s health. If the active ASA fails or becomes unreachable, the standby ASA takes over the traffic and VPN sessions without any disruption for the clients. This feature provides high availability and redundancy for the VPN headend34.

1: AnyConnect Backup Servers 2: Redundancy options for IOS Headend for AnyConnect Clients 3: ASA Failover 4: AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation