Implementing Cisco Secure Mobility Solutions (SIMOS, legacy) — Question 30
An administrator wishes to limit the networks reachable over the AnyConnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?
Answer options
- A.
    access-list splitlist standard permit 209.165.201.0 255.255.255.224
    access-list splitlist standard permit 209.165.202.128 255.255.255.224
    !
    group-policy GroupPolicy1 internal
    group-policy GroupPolicy1 attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value splitlist
- B.
    access-list splitlist standard permit 209.165.201.0 255.255.255.224
    access-list splitlist standard permit 209.165.202.128 255.255.255.224
    !
    group-policy GroupPolicy1 internal
    group-policy GroupPolicy1 attributes
     split-tunnel-policy tunnelall
     split-tunnel-network-list value splitlist
- C.
    group-policy GroupPolicy1 internal
    group-policy GroupPolicy1 attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
     split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
- D.
    access-list splitlist standard permit 209.165.201.0 255.255.255.224
    access-list splitlist standard permit 209.165.202.128 255.255.255.224
    !
    crypto anyconnect vpn-tunnel-policy tunnelspecified
    crypto anyconnect vpn-tunnel-network-list splitlist
- E.
    crypto anyconnect vpn-tunnel-policy tunnelspecified
    crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
Correct answer: A
Explanation
Option A is correct because it uses a split-tunnel policy (tunnelspecified) together with a network list that names exactly the networks to be reachable through the VPN. The other options either do not reference the split-tunnel-policy correctly or do not limit access to the specified networks, and so fail to achieve the desired restriction.