[TABS_R id=8782]
You are using ASDM to verify a VPN configuration made by another administrator on an ASA. Please click exhibit to examine the network configuration.
Exhibit:
A user accesses the VPN by typing https://203.0.113.1/default in a browser’s location bar. Which of the following methods will authenticate the user? (Select 2 choices.)
- a RADIUS server
- a TACACS+ server
- the HTTP credentials
- the local database
- a certificate
Explanation:
A user who accesses the virtual private network (VPN) by typing https://203.0.113.1/default in a browser’s location bar will be authenticated by using both the Cisco Adaptive Security Appliance (ASA) Authentication, Authorization, and Accounting (AAA) local database and by using a certificate. In this scenario, the defaultalias is associated with the DefaultWEBVPNGroup connection profile. You can determine which profile uses the alias by navigating to Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles in Cisco Adaptive Security Device Manager (ASDM), as shown in the following exhibit:
Based on the exhibit above, you can determine that the DefaultWEBVPNGroupconnection profile is configured with two authentication methods: AAA(LOCAL) and Certificate. Although multiple AAA servers can be configured for a single connection profile, in this scenario only the AAA(LOCAL) AAA server is configured for the DefaultWEBVPNGroup connection profile. If you were to select the DefaultWEBVPNGroup connection profile, you could modify the way in which default users authenticate to the VPN, as shown in the following exhibit:
The AAA Server Group dropdown menu enables you to select a different AAA authentication server if one has been configured. If a server other than LOCAL is selected, you can select the Use LOCAL if Server Group fails check box to use the local database as a backup authentication method for whatever AAA server is in use.
[TABS_R id=8782]