[TABS_R id=8782]
You are configuring a group policy for Cisco AnyConnect VPN connections. You have accessed the Add Internal Group Policy dialog box for the group policy.
On what pane will you be able to configure a VLAN restriction? (Select the best answer.)
- the Customization pane
- the Servers pane
- the General pane
- the SSL VPN Client pane
Explanation:
You can configure a virtual LAN (VLAN) restriction in a group policy for Cisco AnyConnect virtual private network (VPN) clients on the General pane of the Add Internal Group Policy dialog box for the group policy. You can configure a VLAN restriction so that all VPN traffic that is generated by using the associated group policy is sent to the specified VLAN. By configuring a VLAN restriction, you can control the VPN traffic.
To configure a VLAN restriction in Cisco Adaptive Security Device Manager (ASDM) for a group policy that will be used for Cisco AnyConnect clients, you should click Configuration, click the Remote Access VPN button, expand Network (Client) Access, click Group Policies, and click the Add button to create a new group policy, or you should select the group policy to modify and click the Edit button to edit an existing group policy. Depending on whether you click the Add button or the Edit button, the Add Internal Group Policy dialog box or the Edit Internal Group Policy dialog box will open. The General pane of these dialog boxes contains a list of general configuration options, including the banner to display to users, the IP address pool to use, the tunneling protocols to use, and the VLAN to which VPN traffic should be restricted. The following exhibit displays an example configuration in which VPN connections made by using the boson_grp group policy will be restricted to VLAN 10:
You cannot configure a VLAN restriction on the Customization pane of the Add Internal Group Policy dialog box for a group policy for Cisco AnyConnect VPN clients. On this pane, you can configure the customization object to apply to the VPN connection, the home page Uniform Resource Locator (URL), and a custom access denied message to display to users.
You cannot configure a VLAN restriction on the Servers pane of the Add Internal Group Policy dialog box for a group policy for Cisco AnyConnect VPN clients. On this pane, you can configure the Domain Name System (DNS) servers to use for the connection and the Windows Internet Name Service (WINS) servers to use for the connection.
You cannot configure a VLAN restriction on the SSL VPN Client pane of the Add Internal Group Policy dialog box for a group policy for Cisco AnyConnect VPN clients. On this pane, you can configure whether the Cisco AnyConnect VPN client installer remains on client systems, whether compression should be applied to the VPN session, the maximum transmission unit (MTU) for the connection, and the client profile to download to clients.
[TABS_R id=8782]