Collin Clark

Member Since: Sep 17, 2009

User Badges:
  • Purple, 4500 points or more

English
Collin Clark commented on NX7K Mgmt Interface Security in Security Management 20 hours ago

Typically no, but it also depends on what Supervisor you are running. Some include a CoPP policy...

Collin Clark commented on logging on a Cisco 4507R+E in Physical Security 20 hours ago

login on-failure log By default those messages are logged at level 4.

Collin Clark commented on How to disconnect\reset vpn connections nightly? in VPN 20 hours ago

You could also configure a 'max connect time' for the Anyconnect session. Set it to 24 hours and...

Collin Clark commented on Assigning a device to client's requirement? in Borderless Networks 20 hours ago

Start to narrow it down by fulfilling the harder requirements first. For example 7. Allows a single...

Collin Clark commented on Crypto Keys in Remote Access 21 hours ago

By default SSH uses the first key generated (usually labeled general purpose). I always create a...

Collin Clark commented on IP SLA Route Tracking on host routes (/32) in WAN, Routing and Switching 21 hours ago

Ah. Yes that's an issue when you track remote hosts. One option would be to use an ACL to block the...

Collin Clark commented on cisco 4331 Router in WAN, Routing and Switching 21 hours ago

ISR4331-SEC/K9 it includes the license and will already be on the router.

Collin Clark commented on how i can block (.rar) files with Cisco IronPort ESA ? in Email Security 1 day ago

I don't believe .rar files are executable. Another way to filter is to point to a dictionary that...

Collin Clark commented on Contentfilter blocks attachment even if it's on whitelist in Email Security 1 day ago

I think the regex is partially wrong. You could write both of your filter statements in one and...

Collin Clark commented on Brackets for ASA 5555X in Firewalling 1 day ago

You could weld it on, but more than likely your rack is aluminum and that starts another...

Collin Clark commented on Switchport Port-Security --- How to assign more than one mac address allow on a switch port? in LAN, Switching and Routing 1 day ago

Yes if you want it to or No if you don't! Sticky with aging would allow that MAC to be learned on...

Collin Clark commented on VTY Extended ACL in LAN, Switching and Routing 1 day ago

An access-class is not really the right place to restrict that. Take a look at Control Plane...

Collin Clark commented on Handling multiple WAN circuits in WAN, Routing and Switching 1 day ago

Do you know if both links go back to the switch at the carrier? If so you could Etherchannel the...

Collin Clark commented on IP SLA Route Tracking on host routes (/32) in WAN, Routing and Switching 1 day ago

Have you looked into using multiple sla monitors and the boolean operation? You can insert the...

Collin Clark commented on cisco 4331 Router in WAN, Routing and Switching 1 day ago

It's easiest if you just order the router with the license you need instead of al' a carte. The...

Collin Clark commented on Catalyst 2960 PoE-24 not working in LAN, Switching and Routing 2 weeks ago

Sounds like a major hardware fault. If you have maintenance, open a TAC case for replacement. HTH

Collin Clark commented on Sourcefire URL filtering - odd behavior in FireSIGHT System / 3D System 2 months ago

That URL is indeed categorized as Filter Avoidance. http://www.senderbase.org/lookup/?search_string...

Collin Clark commented on Upload a config in asa or execute config script in Firewalling 2 months ago

First you need to setup a job to grab that file and parse the IP's. Next you have a couple of...

Collin Clark commented on ASA 5525: Mailserver behind firewall Problem (rDNS) in Firewalling 2 months ago

You need to create a full 1-to-1 NAT to the email server. nat (DMZ,OUTSIDE) source static 172.16....

Collin Clark commented on Issue in Cisco 2960X switches while configuring redundancy for edge ports. in LAN, Switching and Routing 2 months ago

This is a PLC issue, not a configuration issue. The server fails over quicker b/c the NIC's are...

Collin Clark commented on Public server unreachable in the DMZ in Firewalling 4 months ago

Do you have arp permit-nonconnected enabled?

Collin Clark commented on HTTP onto 2960 Switch in Other Network Infrastructure Subjects 4 months ago

Can you post the results of show ip http server secure status

Collin Clark commented on IOS FW Zone Question in LAN, Switching and Routing 4 months ago

The zones are just local to the router itself. Once it leaves a zone, it travels like normal...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 4 months ago

Here's a known working NAT example. ip nat inside source route-map NAT_RULES interface...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 4 months ago

Yes, that's what I meant. From 172.16.100.87 are you able to ping 172.16.100.1?

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 4 months ago

That means none of your internal users are NAT'ing to a public address. What is the client IP you'...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 4 months ago

You can access the internet without CBAC, but you will need to create an ACL that will allow return...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 4 months ago

You need inspection (CBAC or Zone Base FW). http://www.cisco.com/c/en/us/support/docs/security/ios-...

Collin Clark commented on OTV Feature Support in Data Center & Virtualization 4 months ago

Feature Navigator is your friend-

Collin Clark commented on 4300 Series Router in WAN, Routing and Switching 4 months ago

The 2GB is in reference to aggregate throughput through all router interfaces. For example let's...

Collin Clark commented on Automatically Set Port Descriptions in EEM Scripting 4 months ago

Ken- Change line 4.24 to action 4.4 cli command "description $host"

Collin Clark commented on ASA Show Command in Firewalling 5 months ago

Input errors (w/o CRC errors) are usually caused by a bad cable or they are packets with/without a...

Collin Clark commented on ASA Show Command in Firewalling 5 months ago

You should be able to see that if you do a 'show interface' in the particular context. However you...

Collin Clark commented on ASA reset packet in Firewalling 5 months ago

Either can generate it, it depends on the configuration. You can do a packet capture on either the...

Collin Clark commented on How to apply the licenses to the firepower module? in Firewalling 5 months ago

Take the PAK number on the paper and go to cisco.com/go/license and add it there to get the Control...

Collin Clark commented on ASR 1001 licensing in VPN 5 months ago

Any of the three will work. I prefer E-Delivery so I would go with #1.

Collin Clark commented on ASR 1001 licensing in VPN 5 months ago

They are the same thing. One is a physical paper license and the other is an emailed license.

Collin Clark commented on Failover configuration order for adding secondary in Firewalling 5 months ago

Here's the cut sheet I use. On PRIMARY============================================================...

Collin Clark commented on Enable traffic between 2 internal interfaces in Firewalling 5 months ago

ICMP is treated a little differently. Try adding- icmp permit any inside icmp permit any Wireless

Collin Clark commented on Cisco ASA 5545X FirePower - No Data Reported in the SFR portal in Firewalling 5 months ago

Did you add the manager config in the sensor? Are you getting ACL hits on your redirect ACL?

Collin Clark commented on Setting up Vendor ASA off my network (Inside/Outside interface ip addressing) in Firewalling 5 months ago

That should work just fine. As long as the subnets don't overlap it will work. HTH

Collin Clark commented on FirePower Management Center 6.1 Time-based access policy in FireSIGHT System / 3D System 5 months ago

For access policy, I used a time-based ACL on the traffic redirect from the ASA to the SFR module....

Collin Clark commented on ASR 1001 licensing in VPN 5 months ago

I don't see L-FLASR1-IPSEC as a valid SKU. Where are you seeing it? The L- typically means license...

Collin Clark commented on SFTP plugins for SSL VPN in Cisco ASA in VPN 5 months ago

No they do not.

Collin Clark commented on Need Help Routing WAN IP across Site to Site VPN in VPN 5 months ago

You will need to add the public SIP address to the crypto map, the twice nat (or NAT0)...

Collin Clark commented on GLC-LH-SMD still offer same compatability with other existing Cisco equipment? in Other Network Infrastructure Subjects 5 months ago

You should be good to go and no additional license required for DOM.

Collin Clark commented on ASA+FirePower Bundle - policies not getting applied - Interface 'DataPlaneInterface0' is not receiving any packets. in FireSIGHT System / 3D System 5 months ago

A quick fix is to create a second health policy and turn off Interface Status. Then apply this new...

Collin Clark commented on Monitoring total numbers of peer tunels UP or DOWN in DMVPN - NHRP in Other Network Infrastructure Subjects 6 months ago

If the MIB doesn't support it, then you'll have to grab the info manually. 

Bio

First things first: Please, please do not use the services of Presidio Solutions. They are unprofessional and unethical, from the top down. Never have I been treated so poorly as I have with this company. Email me and I would love to give you the details. If I have provided any help to you through the Support Forums, then please, use any other partner than Presidio.

I have been working in IT since 1997 and working with Cisco products since 2000. I have held a variety of jobs from Helpdesk to Senior Network Engineer. I like working with Cisco because they are a market leader and an innovator in the networking field. They develop products and technologies that lead all of IT to the future. There are not a lot of other companies that do that and I'm lucky to have been exposed to Cisco and to have the opportunity to work with them.

User Badges:
  • Badge.
    Purple
    4500 points or more
  • Badge.
    Community Spotlight Award

    Doc/Video January 2014

  • Badge.
    Community Spotlight Award

    Questions Answered December 2013

  • Badge.
    Cisco Designated VIP

    2011 LAN

Collin Clark's Stats

Discussion started
Answers marked as Correct
Endorsed
Content Rated
Website: