We are scanning our WAAS evironment for PCI compliance and the device with the latest code fails. Has anyone else had issues with PCI scans of a WAAS device? The main thing that it fails on is the version of Apache, SSH version, and self-signed certificates.
We have disabled ssh version 1 from the CM and can see that no sshd version 1 is in the config, yet we are able to ssh into the box version 1. We are also able to telnet on port 22 to the box and we get the following response:
On the cert issues one of the items is that the WAVE has a self-signed cert, which from what I can tell can't be removed per bug/enhancement
Has anyone else had to do a PCI scan on these devices and what were the results?
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...