ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-730 All Questions

View all questions & answers for the 300-730 exam
Go to Exam

Exam 300-730 topic 1 question 40 discussion

Actual exam question from Cisco's 300-730
Question #: 40
Topic #: 1
[All 300-730 Questions]


Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message `Connection attempt has timed out. Please verify Internet connectivity.` Based on how the packet is processed, which phase is causing the failure?

  • A. phase 9: rpf-check
  • B. phase 5: NAT
  • C. phase 4: ACCESS-LIST
  • D. phase 3: UN-NAT
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by [deleted] at April 3, 2025, 3:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
r3spu
1 month, 2 weeks ago
Selected Answer: D
At Phase 3 the ASA matches the rule: nat (inside,outside) source static obj_172.16.0.0_24 interface and immediately “Untranslate[s] 10.31.124.31:443 → 172.16.0.4:443” and diverts the flow to the inside interface. Because the packet is no longer destined for the ASA’s outside address, the SSL-VPN listener never receives it, so the AnyConnect client waits until it times out. All later phases show ALLOW, but the damage is already done at the UN-NAT stage. Removing or refining that static NAT so it no longer matches the head-end IP will let the VPN connection establish.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel