Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 70
A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?
Answer options
- A. Define group aliases on the headend and have the user pick the appropriate alias when they connect
- B. Define group-urls on the headend and create two XML profiles to match the administrator and user group urls
- C. Create a certificate map and match on the appropriate certificate fields
- D. Define key-ids on the headend and create two XML profiles to match the administrator and user key-ids
Correct answer: D
Explanation
The correct answer is D because defining key-ids allows the router to differentiate between administrators and employees based on their connection credentials, enabling tailored authorization. Options A and B focus on group selection methods, which do not provide the necessary separation for authorization, while option C deals with certificates rather than specific user profiles.