A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should the Cisco ASA administrator take to resolve this issue?
A.
Enable the clientless VPN protocol on the group policy.
B.
Validate that the correct license is in use on the ASA for WebVPN.
C.
Increase the number of simultaneous logins allowed on the group policy.
D.
Verify that a user account exists in the local AAA database for the user.
I think the correct answer is B, for answer A we get different error message "WebVPN session terminated: Client type not supported".
There are 2 types of SSL VPN license:
1) AnyConnect Essential license - only supports AnyConnect client connections
2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.
The correct answer seems to "A". To resolve the error message "clientless (browser) SSLVPN access is not allowed" on a Cisco ASA, the administrator should take the following step:
Enable the clientless VPN protocol on the group policy.
This error suggests that the clientless SSLVPN access is not allowed, and enabling the clientless VPN protocol on the group policy is the appropriate action to permit users to connect using the clientless SSLVPN feature.
Here's a brief explanation of the options:
Enable the clientless VPN protocol on the group policy: This step allows the ASA to use clientless SSLVPN for users associated with that specific group policy.
Validate that the correct license is in use on the ASA for WebVPN: While licensing is crucial for certain features, the specific error message provided indicates a configuration issue related to clientless SSLVPN access. Validating the license is a good practice, but the immediate resolution for this particular error is typically related to the configuration.
Ensure that the group policy associated with the user allows clientless SSLVPN access, and verify the relevant settings to enable clientless SSLVPN on the Cisco ASA.
correct answer is B:
The message "Clientless (browser) SSL VPN access is not allowed." appears in the browser after an unsuccessful login attempt. The AnyConnect Premium license is not installed on the ASA or it is not in use as shown by "Premium AnyConnect license is not enabled on the ASA."
Solution:
Enable the Premium AnyConnect license with these commands:
ASA(config)# webvpn
ASA(config-webvpn)# no anyconnect-essentials
This section is not available anymore. Please use the main Exam Page.300-730 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mazinhoo
Highly Voted 1 year, 9 months agokylesam2017
Most Recent 10 months agomarges
1 year, 2 months agoNet4dd
1 year, 8 months agobrian7857ffs45
1 year, 8 months ago