What must be implemented so that "3.3.3.3" is returned from a browser search on the IP address?

Refer to the exhibit.

All internal clients behind the ASA are port address translated to the public outside interface that has an IP address of 3.3.3.3. Client 1 and client 2 have established successful SSL VPN connections to the ASA.

What must be implemented so that "3.3.3.3" is returned from a browser search on the IP address?

A. Same-security-traffic permit inter-interface under Group Policy

B. Exclude Network List Below under Group Policy

C. Tunnel All Networks under Group Policy

D. Tunnel Network List Below under Group Policy

View Answer

Answer: C

Explanation:

The reason is that by default, the SSL VPN clients use split tunneling, which means they only send traffic destined for the corporate network through the VPN tunnel, and use their local gateway for other traffic, such as browsing the internet. This means that when they search for their IP address on a browser, they will see their local IP address, not the IP address of the ASA.

To change this behavior, you need to configure the Group Policy on the ASA to tunnel all networks, which means that all traffic from the SSL VPN clients will go through the VPN tunnel, regardless of the destination. This way, when they search for their IP address on a browser, they will see the IP address of the ASA, which is 3.3.3.3.

To configure tunnel all networks under Group Policy, you can use either ASDM or CLI.

For example, using ASDM, you can follow these steps1:

Choose Configuration > Remote Access VPN > Network (Client) Access > Group Policies.

Select the group policy that you want to modify and click Edit.

In the Edit Internal Group Policy window, choose Advanced > Split Tunneling.

In the Policy drop-down list, choose Tunnel All Networks.

Click OK and then Apply.

Using CLI, you can enter these commands:

ciscoasa(config)# group-policy <group_policy_name> attributes ciscoasa(config-group-policy)#split-tunnel-policy tunnelall