Cisco 300-209: Which configuration should you use?
When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance.
For these applications and web resources, as a Cisco ASA administrator, which configuration should you use?
A. Configure the Cisco ASA appliance for split tunneling.
B. Configure network access exceptions in the SSL VPN customization editor.
C. Configure the Cisco ASA appliance to disable content rewriting.
D. Configure the Cisco ASA appliance to enable URL Entry bypass.
E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.
Correct Answer: C
Explanation/Reference:
Explanation: http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn_web.html
Content Rewrite
The Content Rewrite pane lists all applications for which content rewrite is enabled or disabled. Clientless SSL VPN processes application traffic through a content transformation/rewriting engine that includes advanced elements such as JavaScript, VBScript, Java, and multi-byte characters to proxy HTTP traffic which may have different semantics and access control rules depending on whether the user is using an application within or independently of an SSL VPN device.
By default, the security appliance rewrites, or transforms, all clientless traffic. You might not want some applications and web resources (for example, public websites) to go through the security appliance. The security appliance therefore lets you create rewrite rules that let users browse certain sites and applications without going through the security appliance. This is similar to split tunneling in an IPSec VPN connection. You can create multiple rewrite rules. The rule number is important because the security appliance searches rewrite rules by order number, starting with the lowest, and applies the first rule that matches.
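The first-match ordering described above can leave a site bypassing the appliance when the administrator meant it to be rewritten. The following is an added example, not part of the original page or of Cisco's documentation: a small Python audit of rules written in the ASA CLI form `rewrite order N {enable|disable} resource-mask MASK`. The sample rules and hostnames are constructed, and treating `*` in a mask as a shell-style wildcard is an assumption.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: ASA-style rewrite rules; hostnames are placeholders.
SAMPLE_CONFIG = """\
webvpn
 rewrite order 30 disable resource-mask www.public.example/*
 rewrite order 10 disable resource-mask *.example.com/*
 rewrite order 20 enable resource-mask payroll.example.com/*
"""

RULE_RE = re.compile(
    r"^\s*rewrite\s+order\s+(\d+)\s+(enable|disable)\s+resource-mask\s+(\S+)",
    re.MULTILINE,
)

def parse_rules(config):
    """Return (order, action, mask) tuples, lowest order number first."""
    return sorted((int(o), a, m) for o, a, m in RULE_RE.findall(config))

def matches(mask, resource):
    # Assumption: '*' in a mask behaves like a shell wildcard, case-insensitively.
    return fnmatchcase(resource.lower(), mask.lower())

def decide(rules, resource):
    """First matching rule wins; with no match the default applies (rewrite)."""
    for order, action, mask in rules:
        if matches(mask, resource):
            return action, order
    return "enable", None

def conflicts(rules):
    """Heuristic: (later, earlier) order pairs where a sample resource for the
    later rule is already caught by an earlier rule with the opposite action."""
    found = []
    for i, (order, action, mask) in enumerate(rules):
        probe = mask.replace("*", "x")  # one concrete resource the mask matches
        for prev_order, prev_action, prev_mask in rules[:i]:
            if prev_action != action and matches(prev_mask, probe):
                found.append((order, prev_order))
                break
    return found

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONFIG)
    for url in ("payroll.example.com/login", "www.public.example/news"):
        print(url, "->", decide(rules, url))
    print("conflicting rule pairs:", conflicts(rules))
```

In the sample, the broad disable rule at order 10 matches before the payroll enable rule at order 20, so payroll traffic is not rewritten; giving the specific rule a lower order number than the broad one removes the conflict.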