Collin Clark

Member Since: Sep 17, 2009

Collin Clark commented on ASR Zone based firewall and return traffic in Firewalling 3 hours ago

Paul- It sounds like you are permitting traffic, not inspecting it. When it is inspected, the...

Collin Clark commented on FirePower URL site lookup in Firewalling 3 hours ago

Here's what is used- http://www.senderbase.org/

Collin Clark commented on Directly connect 2 failover pairs, back-to-back in Firewalling 3 hours ago

I don't think there is a way to have one pair failover and have the other pair notified and also...

Collin Clark commented on Firepower Recommendations in FireSIGHT System / 3D System 3 hours ago

I typically let Sourcefire run in monitor mode for 10-14 days before running 'recommendations'. HTH

Collin Clark commented on snmp v3 in Security Management 3 hours ago

The Engine ID will dynamically be created if you do not specify one. I have never created one and...

Collin Clark commented on Site-to-Site and Remote-Access VPN in ASA with Firepower in VPN 3 hours ago

Yes it is possible. You just need to make sure your class-map ACL includes the VPN Pool for...

Collin Clark commented on CSR1000v - what gets placed on premise? in WAN, Routing and Switching 3 hours ago

Nothing...kind of...since the csr1000v is a virtual router. At a remote site you will typically...

Collin Clark commented on NAT from physical interfaces to one sub-interface in WAN, Routing and Switching 3 hours ago

Sounds perfectly acceptable.

Collin Clark commented on ASA 8.4 to 9.2 with discontiguous outside IP address blocks in Firewalling 5 months ago

Hi Steve- The SE is correct and 'arp permit-nonconnected' resolves the issue of having public IP's...

Collin Clark commented on NextGen IPS firepower appliances deployment with multitenancy support in Intrusion Prevention Systems/IDS 8 months ago

You can put the ASA in multiple context mode and SFR for each independently. 

Collin Clark commented on Adding VLANs to a Nexus Switchport Trunk in LAN, Switching and Routing 8 months ago

You should be adding the VLANs on the trunk from the port-channel interface not the physical. HTH

Collin Clark commented on Sourcefire URL filtering - odd behavior in FireSIGHT System / 3D System 8 months ago

I submitted the URL for you. It takes up to 24 hours to be verified.

Collin Clark commented on Sourcefire URL filtering - odd behavior in FireSIGHT System / 3D System 8 months ago

What does it show in Senderbase.org? or what is the URL?

Collin Clark commented on Sourcefire URL filtering - odd behavior in FireSIGHT System / 3D System 8 months ago

Then you'll have to block Google. Sourcefire does not have a Safe Search function yet.

Collin Clark commented on Sourcefire URL filtering - odd behavior in FireSIGHT System / 3D System 8 months ago

If you want to block video/images in Google you need to enable SafeSearch. https://support.google....

Collin Clark commented on CDP bypass feature in Other Security Subjects 8 months ago

Not every feature is in FN and it can also take a few months, for new features, to show up in FN....

Collin Clark commented on Port forwarding to Remote Desktop in WAN, Routing and Switching 9 months ago

If the McAfee appliance is also performing NAT, then yes you will need to NAT twice; one on the...

Collin Clark commented on Router CISCO2911/K9 in WAN, Routing and Switching 9 months ago

You just need to buy the UC license.

Collin Clark commented on Port forwarding to Remote Desktop in WAN, Routing and Switching 9 months ago

Configuring NAT (One to One Mapping) | Cisco Skills http://ciscoskills.net/2011/01/21/configuring-...

Collin Clark commented on Allowing SIP through ASA 5525-X version 9.x in Firewalling 9 months ago

Assuming inbound calls will be coming over SIP, then yes you will need to create a NAT & ACL....

Collin Clark commented on CDP bypass feature in Other Security Subjects 9 months ago

It's a new feature in IOS XE 3.7.0E. In the Feature Navigator, it shows the hardware currently...

Collin Clark commented on permit ssh access to specific router ip addresses only in LAN, Switching and Routing 9 months ago

I do it with Control Plane Protection- http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t4/htcpp....

Collin Clark commented on Is it still possible to find obsolete firmware for Catalyst 3750G 24TS? in LAN, Switching and Routing 9 months ago

Try opening a TAC case. Tell the engineer what you are trying to do and they should post the code...

Collin Clark commented on Cisco router 1841 give gibberish on console display in WAN, Routing and Switching 9 months ago

The screenshot shows 9600. Are you sure you've set 115200 correctly?

Collin Clark commented on Cisco ASA 5520 NAT/PAT for inbound ports in Firewalling 9 months ago

Your IP's are backwards in the NAT statement. Mapped IP comes first. nat (inside,outside2) tcp x.x...

Collin Clark commented on Cisco ASA 5520 NAT/PAT for inbound ports in Firewalling 9 months ago

Can you run another packet tracer, expand all the steps and post it?

Collin Clark commented on Cisco ASA 5520 NAT/PAT for inbound ports in Firewalling 9 months ago

Do you already have an 'outside' interface that has your default gateway and this is a backup...

Collin Clark commented on Cisco ASA 5520 NAT/PAT for inbound ports in Firewalling 9 months ago

Try swapping your interfaces- static (inside,outside2) tcp x.x.x.203 8181 10.96.1.5 443 netmask 255...

Collin Clark commented on ASA Firewall in Firewalling 9 months ago

You can configure global access rules in conjunction with interface access rules, in which case,...

Collin Clark commented on Identify crypto policy among list of VPN's in VPN 9 months ago

Try show run crypto ipsec. It will list all the configured IPSec policies. From there you can...

Collin Clark commented on HRSP Unknown Standby Router, Both Routers Active in LAN, Switching and Routing 9 months ago

Verify you have layer 2 connectivity between the routers through IOU4. They need to be layer 2...

Collin Clark commented on ACL keeps stopping dhcp? in WAN, Routing and Switching 9 months ago

Try adding the following ACE- access-list 110 permit udp any any eq bootpc

Collin Clark commented on Identify crypto policy among list of VPN's in VPN 9 months ago

A show run crypto map will list all your crypto maps. Each crypto map will have a peer associated...

Collin Clark commented on What raid is used in AsyncOS in Web Security 9 months ago

Depends on the physical box, either RAID 10 or RAID 1. See the table about 1/3 of the way down http...

Collin Clark commented on ASA Terminal Server Support in Firewalling 9 months ago

Depends on what/how you are filtering. Sourcefire? WSA? 3rd party?

Collin Clark commented on Global PAT in Firewalling 9 months ago

Here is how I do it- object network obj_any subnet 0.0.0.0 0.0.0.0 object network obj_any nat (any,...

Collin Clark commented on LLW & E-LLW - Warranty Question, in LAN, Switching and Routing 9 months ago

You have to call TAC. Then state you have failed hardware inside the warranty date. They will...

Collin Clark commented on LLW & E-LLW - Warranty Question, in LAN, Switching and Routing 9 months ago

The customer would have to open a TAC case and reference the warranty. Cisco has up to 10 business...

Collin Clark commented on F5 load balancing of DMVPN Tunneling in WAN, Routing and Switching 9 months ago

The two hubs can either be in the same DMVPN cloud or they can each be in their own. Either way,...

Collin Clark commented on NAT on 9.2 in VPN 9 months ago

Instead of the interface keyword, put in your public IP. The DNS keyword should then work.

Collin Clark commented on how can I perform two factor authentication using radius nps . in AAA, Identity and NAC 9 months ago

No since the article focuses on the ASA. You may want to head over to the wireless section of the...

Collin Clark commented on Anyconnect VPN - confused with licenses in VPN 9 months ago

Correct, once the license is applied it should read Anyconnect Essentials: Enabled

Collin Clark commented on ASA 5525-X FIrewall/DMZ/Trunking configuration in Email Security 9 months ago

Marko- It looks like some of your NAT's have the incorrect interface: object network EmailServer-...

Collin Clark commented on how can I perform two factor authentication using radius nps . in AAA, Identity and NAC 9 months ago

The two factors are set up on the ASA, not necessarily in NPS. For example I might require a certain...

Collin Clark commented on How to restore password on Cisco ACS 5.4 in AAA, Identity and NAC 9 months ago

TAC can provide it to you. You'll have to open a case and request it. HTH

Collin Clark commented on NAT on 9.2 in VPN 9 months ago

object network OBJ-10.1.1.2 host 10.1.1.2 object service OBJ-TCP-https service TCP source eq...

Collin Clark commented on Cisco ASA Identity Firewall VPN via LDAP in VPN 9 months ago

The ACL is not username based, it's IP based (based on the IP assigned to the user in AnyConnect).

Collin Clark commented on Anyconnect VPN - confused with licenses in VPN 9 months ago

Christian- The 5510 is limited to 250 Anyconnect users so that would be the max license to buy. If...

Collin Clark commented on Need to allow a particular user to directly access ASA in enable mode and have only show command access in Firewalling 9 months ago

You will need to put that particular user into a different privilege level and put the necessary...

Collin Clark commented on SSL v2 and v3 - Catalyst 3560 in LAN, Switching and Routing 9 months ago

Tom- To disable the web server on the switch, from config mode enter- no ip http server HTH

Bio

First things first: Please, please do not use the services of Presidio Solutions. They are unprofessional and unethical, from the top down. Never have I been treated so poorly as I have with this company. Email me and I would love to give you the details. If I have provided any help to you through the Support Forums, then please, use any other partner than Presidio.

I have been working in IT since 1997 and working with Cisco products since 2000. I have held a variety of jobs from Helpdesk to Senior Network Engineer. I like working with Cisco because they are a market leader and an innovator in the networking field. They develop products and technologies that lead all of IT to the future. There are not a lot of other companies that do that and I'm lucky to have been exposed to Cisco and to have the opportunity to work with them.









  • Community Spotlight Award
    Doc/Video January 2014
  • Community Spotlight Award
    Questions Answered December 2013
  • Cisco Designated VIP
    2011 LAN









Collin Clark's Stats

Points 5477
Discussion started 51
Answers marked as Correct 532
Endorsed 2
Content Rated 102