Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 145

A network administrator deployed IKEv2 Cisco AnyConnect on a Cisco ASA. The current configuration tunnels all traffic through the VPN. Users report poor performance with cloud-based applications, but no issues have been reported about connections to on-premises servers. Packet analysis on Cisco Webex traffic shows very few duplicate ACKs, high RTT, and no IP fragments. Which action improves Webex performance for VPN users?

Answer options

• A. Configure QoS on the outside interface of the ASA.
• B. Configure Cisco AnyConnect to use DTLS.
• C. Configure a dynamic split tunnel exclusion.
• D. Reduce the Cisco AnyConnect tunnel MTU.

Correct answer: C

Explanation

Configuring a dynamic split tunnel exclusion allows specific traffic, like Cisco Webex, to bypass the VPN, improving performance by reducing latency and congestion. The other options either focus on quality of service or connection settings that do not address the tunneling of all traffic, which is causing the performance issue.