b.julin

Member Since: Jan 12, 2007

User Badges:
  • Bronze, 100 points or more

b.julin commented on Restrict Cisco VPN by MAC Address in VPN 6 months ago

We never had a pressing need to do this. If we are talking about Windows clients, and nowadays, we...

b.julin commented on SNMP notify and remote SNMPv3 users in Network Management 3 years ago

Yay... finally figured out a workaround for this one.  If you add a local snmp user with the same...

b.julin commented on ZBFW: which protocols break if not inspected? in Firewalling 4 years ago

I'd like to keep this question open a while to see what others in the community may have to add. By...

b.julin commented on ZBFW: which protocols break if not inspected? in Firewalling 4 years ago

>> And the list keeps going Thanks for helping us get it started :-)

b.julin commented on ZBFW: which protocols break if not inspected? in Firewalling 4 years ago

Yes, this is the reason why some protocols need to be inspected. Others need to be inspected to do...

b.julin commented on DHCP Proxy broken with particular interface/server (7.0.235.3) in Security and Network Management 4 years ago

Well, we can certainly try going back to passthrough DHCP, and hoping that the problems we were...

b.julin commented on Outdoor wireless question in Getting Started with Wireless 4 years ago

Assuming the building adjacent to the courtyard are climate controlled, you can try what we did:...

b.julin commented on Cisco WCS AP's show down but are not in Security and Network Management 4 years ago

I've seen radios "down" that were actually up on this version before, but not whole APs.  You can...

b.julin commented on Clarification for using mac-address-table synchronize command in LAN, Switching and Routing 5 years ago

I'm bumping this old thread for further clarification. It is not clear whether routed-mac addresses...

b.julin commented on Android 2.3 Advanced VPN Options in VPN 5 years ago

I've found the v1 L2TP PSK selection sends a parameter set that has no DH group defined, so it...

b.julin commented on Relay Syslog in Security Management 6 years ago

I don't recall ever seeing syslog relay on IOS.  Since syslog is unidirectional, maybe you could...

b.julin commented on host-mode multi-auth with latest IOS 12.2(55)SE BIG problem in AAA, Identity and NAC 6 years ago

The command is in 12.2(55)SE1 at least.  Don't think it will solve your problem, based on what it...

b.julin commented on host-mode multi-auth with latest IOS 12.2(55)SE BIG problem in AAA, Identity and NAC 6 years ago

Ah, makes sense now that I know you're "order mab dot1x". Yes, that's a sticky problem.  We aren't...

b.julin commented on AA Authentication Banner problems in AAA, Identity and NAC 6 years ago

Longshot: try using single or double quote as the delimiter?

b.julin commented on host-mode multi-auth with latest IOS 12.2(55)SE BIG problem in AAA, Identity and NAC 6 years ago

I'm missing something -- what's the distinguishable difference between a guest user and machine...

b.julin commented on AA Authentication Banner problems in AAA, Identity and NAC 6 years ago

If you look at a show run, does the banner text have the whitespace intact?  If not, then you need...

b.julin commented on Authentication Failed and No Response VLAN in AAA, Identity and NAC 6 years ago

What's your host-mode?  If you are running in multi-auth, guest vlan might not work, though you...

b.julin commented on host-mode multi-auth with latest IOS 12.2(55)SE BIG problem in AAA, Identity and NAC 6 years ago

Currently I'm running MAB (no 802.1x) on 12.2(55)SE1 and it is working with the following...

b.julin commented on Port Security issue that causes limited connectivity for PCs in LAN, Switching and Routing 6 years ago

Are any other features enabled?  Like arp inspection?  mab? I've never seen port security alone...

b.julin commented on Traceroute MAC address in LAN, Switching and Routing 6 years ago

The answer is "yes" so long as: 1) all switches between the switch where the "trace mac" command is...

b.julin commented on port-control with quiet devices -- spanning tree problem? in LAN, Switching and Routing 6 years ago

Further reading into this suggests that spanning-tree is the normal way in which port-control kills...

b.julin commented on help with ip dhcp snooping in LAN, Switching and Routing 6 years ago

If you are mainly concerned with rogue DHCP, you do not need "ip verify source" to defend against...

b.julin commented on 2960's losing configuration in LAN, Switching and Routing 6 years ago

"no setup express" ?   Assuming "setup express" is applied, of course.

b.julin commented on help with ip dhcp snooping in LAN, Switching and Routing 6 years ago

The information-option stuff can be a confusing source of problems for DHCP snooping.  I think you...

b.julin commented on Prevent Corporate devices from connecting to Public Wifi in Security and Network Management 6 years ago

I figured out you were suggesting the same thing after I posted... and to reiterate, a Fake profile...

b.julin commented on Prevent Corporate devices from connecting to Public Wifi in Security and Network Management 6 years ago

Maybe you could predefine the Public WiFi on the corporate desktop, and screw with the parameters...

b.julin commented on Limitations of "DHCP Required" on WLC/WiSM in Security and Network Management 6 years ago

Here's the debug and "show client detail" for two clients concurrently connected with the same IP...

b.julin commented on Limitations of "DHCP Required" on WLC/WiSM in Security and Network Management 6 years ago

No, it does not.  That is the point.  The WLC is perfectly happy, it seems, to allow two MACs to be...

b.julin commented on Limitations of "DHCP Required" on WLC/WiSM in Security and Network Management 6 years ago

I'll work on getting some sample output. To be clear, I don't think we are seeing this problem with...

b.julin commented on SSID with diferent "Max Concurrent Login" value in Security and Network Management 6 years ago

This is generally done on the AAA server side.  The attributes sent to the AAA server include the...

b.julin commented on host-mode multi-auth with latest IOS 12.2(55)SE BIG problem in AAA, Identity and NAC 6 years ago

Really?  For me 12.2(55)SE is just plain broken in multi-auth mode.  It will not even assign a vlan...

b.julin commented on ASA 8.3 L2 mode, strange ICMP state failures in Firewalling 6 years ago

permit icmp any inside_globals versus object-group icmp-type ICMPstuff icmp-object echo icmp-object...

b.julin commented on ASA 8.3 L2 mode, strange ICMP state failures in Firewalling 6 years ago

Hi, Yes, "inspect icmp" is in the global policy map. About "inspect icmp error" -- does that really...

b.julin commented on 8.3(2) Phase 2 rekey problems, or is it just me? in VPN 6 years ago

Fixed. Workaround: Step 1) Look for a crypto map and a dynamic crypto map that have the same name....

b.julin commented on VPN profile (tunnel group) under the same IP pool in VPN 6 years ago

The command is "vpn-filter" in the policy-group section. Define a policy group for each tunnel group...

b.julin commented on VPN profile (tunnel group) under the same IP pool in VPN 6 years ago

I don't see why not. Here we don't use pools; we use scopes and a DHCP server.  The two RADIUS...

b.julin commented on Need help setting up split tunneling in VPN 6 years ago

Are these RA tunnels or L2L?  Sounds like RA. In the L2L case split tunneling should happen by...

b.julin commented on snow leopard built in vpn client not working in VPN 6 years ago

It is likely that your Cisco is configured for L2TP/IPSec, not IPSec-ra with xauth, so you need to...

b.julin commented on OS X kernel log being filled with CiscoVPN messages in VPN 6 years ago

Wild-ass guess here: you're using wifi but you have a wired port.  It looks like something is...

b.julin commented on 8.3(2) Phase 2 rekey problems, or is it just me? in VPN 6 years ago

I'm bumping this back up with some updates, in hopes that someone, somewhere is also still running...

b.julin commented on l2tp-ipsec authenticating but not able to reach remote LAN while Cisco VPN Clients can in VPN 6 years ago

Sorry I read that config too fast... but still, try adding dhcp-intercept and test with an XP...

b.julin commented on l2tp-ipsec authenticating but not able to reach remote LAN while Cisco VPN Clients can in VPN 6 years ago

A) You don't have a tunnel-specified statement in the L2TP group.  So the ASA may not push those. B...

b.julin commented on L2TP+ IPSec in 1811 12.4 - Phase 2 stops... in VPN 6 years ago

I'm not sure much uses md5 anymore that won't do sha1 as well. crypto ipsec transform-set L2TP-LNS1...

b.julin commented on Copy Config to Another ASA in VPN 6 years ago

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete...

b.julin commented on Restrict Cisco VPN by MAC Address in VPN 6 years ago

Another option is switch from PSK to certs, and when creating the certs, embed the MAC address or...

b.julin commented on L2TP/IPsec VPN Problem with Windows 2008 (r2) and ASA 5510 in VPN 6 years ago

That looks like a different issue than what is described here.  Are you sure L2TP works at all?...

b.julin commented on VPN 3000 client registering their home ip address to corporate DNS Server Issue in VPN 6 years ago

You can either specify a default filter ruleset, or specify multiple rulesets and have AAA pick one...

b.julin commented on VPN 3000 client registering their home ip address to corporate DNS Server Issue in VPN 6 years ago

I think what they are suggesting as a workaround would be to redefine the address range you assign...

b.julin commented on Has anyone tried to upgrade to ASA 8.3? in VPN 6 years ago

It's pretty rough.  I wouldn't recommend it unless you can work a spare free to do the upgrade and...

b.julin commented on ISAKMP and IPSec Key Refresh in VPN 6 years ago

I think maybe what you might be missing is that ISAKMP is more a dial-on-demand setup.  Crypto maps...

b.julin's Stats

Points 56
Discussion started 31
Answers marked as Correct 8
Endorsed 0
Content Rated 22