Collin Clark

Member Since: Sep 17, 2009

English
Collin Clark commented on Public server unreachable in the DMZ in Firewalling 1 month ago

Do you have arp permit-nonconnected enabled?

Collin Clark commented on HTTP onto 2960 Switch in Other Network Infrastructure Subjects 1 month ago

Can you post the results of show ip http server secure status

Collin Clark commented on IOS FW Zone Question in LAN, Switching and Routing 1 month ago

The zones are just local to the router itself. Once it leaves a zone, it travels like normal...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 1 month ago

Here's a known working NAT example. ip nat inside source route-map NAT_RULES interface...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 1 month ago

Yes, that's what I meant. From 172.16.100.87 are you able to ping 172.16.100.1?

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 1 month ago

That means none of your internal users are NAT'ing to a public address. What is the client IP you'...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 1 month ago

You can access the internet without CBAC, but you will need to create an ACL that will allow return...

Collin Clark commented on Users cant ping internet but Router can ping internet in WAN, Routing and Switching 1 month ago

You need inspection (CBAC or Zone Base FW). http://www.cisco.com/c/en/us/support/docs/security/ios-...

Collin Clark commented on OTV Feature Support in Data Center & Virtualization 1 month ago

Feature Navigator is your friend-

Collin Clark commented on 4300 Series Router in WAN, Routing and Switching 1 month ago

The 2GB is in reference to aggregate throughput through all router interfaces. For example let's...

Collin Clark commented on Automatically Set Port Descriptions in EEM Scripting 1 month ago

Ken- Change line 4.24 to action 4.4 cli command "description $host"

Collin Clark commented on ASA Show Command in Firewalling 2 months ago

Input errors (w/o CRC errors) are usually caused by a bad cable or they are packets with/without a...

Collin Clark commented on ASA Show Command in Firewalling 2 months ago

You should be able to see that if you do a 'show interface' in the particular context. However you...

Collin Clark commented on ASA reset packet in Firewalling 2 months ago

Either can generate it, it depends on the configuration. You can do a packet capture on either the...

Collin Clark commented on How to apply the licenses to the firepower module? in Firewalling 2 months ago

Take the PAK number on the paper and go to cisco.com/go/license and add it there to get the Control...

Collin Clark commented on ASR 1001 licensing in VPN 2 months ago

Any of the three will work. I prefer E-Delivery so I would go with #1.

Collin Clark commented on ASR 1001 licensing in VPN 2 months ago

They are the same thing. One is a physical paper license and the other is an emailed license.

Collin Clark commented on Failover configuration order for adding secondary in Firewalling 2 months ago

Here's the cut sheet I use. On PRIMARY============================================================...

Collin Clark commented on Enable traffic between 2 internal interfaces in Firewalling 2 months ago

ICMP is treated a little differently. Try adding- icmp permit any inside icmp permit any Wireless

Collin Clark commented on Cisco ASA 5545X FirePower - No Data Reported in the SFR portal in Firewalling 2 months ago

Did you add the manager config in the sensor? Are you getting ACL hits on your redirect ACL?

Collin Clark commented on Setting up Vendor ASA off my network (Inside/Outside interface ip addressing) in Firewalling 2 months ago

That should work just fine. As long as the subnets don't overlap it will work. HTH

Collin Clark commented on FirePower Management Center 6.1 Time-based access policy in FireSIGHT System / 3D System 2 months ago

For access policy, I used a time-based ACL on the traffic redirect from the ASA to the SFR module....

Collin Clark commented on ASR 1001 licensing in VPN 2 months ago

I don't see L-FLASR1-IPSEC as a valid SKU. Where are you seeing it? The L- typically means license...

Collin Clark commented on SFTP plugins for SSL VPN in Cisco ASA in VPN 2 months ago

No they do not.

Collin Clark commented on Need Help Routing WAN IP across Site to Site VPN in VPN 2 months ago

You will need to add the public SIP address to the crypto map, the twice nat (or NAT0)...

Collin Clark commented on GLC-LH-SMD still offer same compatability with other existing Cisco equipment? in Other Network Infrastructure Subjects 2 months ago

You should be good to go and no additional license required for DOM.

Collin Clark commented on ASA+FirePower Bundle - policies not getting applied - Interface 'DataPlaneInterface0' is not receiving any packets. in FireSIGHT System / 3D System 2 months ago

A quick fix is to create a second health policy and turn off Interface Status. Then apply this new...

Collin Clark commented on Monitoring total numbers of peer tunels UP or DOWN in DMVPN - NHRP in Other Network Infrastructure Subjects 3 months ago

If the MIB doesn't support it, then you'll have to grab the info manually. 

Collin Clark commented on Need to Nat just one Host as it goes over the VPN. in WAN, Routing and Switching 3 months ago

Glad to hear you got it working!

Collin Clark commented on How to mearge Bandwidth of two GRE MPLS Tunnel from two different Service Provider ? in WAN, Routing and Switching 3 months ago

What is your use case on having a GRE tunnel (with encryption?) on the MPLS circuits? Are you using...

Collin Clark commented on Reloading Switch or Router During election process in OSPF for DR and BDR ? in WAN, Routing and Switching 3 months ago

The OSPF election process is not preemptive. A reboot or disconnect of all devices or a 'clear ip...

Collin Clark commented on Out-Of-Band Access - Network Devices in Data Center & Virtualization 3 months ago

One thing to note...you'll more than likely have to secure the OOB device as well. We used Avocent...

Collin Clark commented on ASA 5512-X routing within a WAN in Firewalling 3 months ago

Why do you not trust your WAN? NAT and ACL'ing your WAN sounds like an administrative nightmare.

Collin Clark commented on Want to upgrade existing ASA to NGFW ASA, want IPS and load balancing in Firewalling 3 months ago

What ASA functionality would I need to take advantage of two internet connections? The...

Collin Clark commented on ASA 5525 and HP2920 Switch compatibility Issue in Firewalling 3 months ago

Nope, check both configs.

Collin Clark commented on SSH Access to 5525 via another device in Firewalling 3 months ago

The nexus is a bit different... ssh [email protected]

Collin Clark commented on ASA Firewalls with IPS in Firewalling 3 months ago

FireSight is not required. You can manage the sensor 'on-box'. I believe IPS in...

Collin Clark commented on Troubleshooting from the ASA firewall logs in VPN 3 months ago

Attached is a diagram for logging levels. What I would do however is setup a packet capture to look...

Collin Clark commented on Need to Nat just one Host as it goes over the VPN. in WAN, Routing and Switching 3 months ago

See is this helps-http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation...

Collin Clark commented on Cat 6500 to Nexus 9000 Migration options in Other Data Center Subjects 3 months ago

Add the 9K's to the network as L2 only, then migrate L3 services over as you decommission services/...

Collin Clark commented on ASR Zone based firewall and return traffic in Firewalling 3 months ago

Add you have that applied to an interface correct? Can you post the results of the following...

Collin Clark commented on About AAA new-model in AAA, Identity and NAC 3 months ago

It depends, what is authorizing the login? Gagan noted the easiest way which bypasses the...

Collin Clark commented on Directly connect 2 failover pairs, back-to-back in Firewalling 3 months ago

Right, it would work if the link that failed was the cable between the firewalls (highly unlikely...

Collin Clark commented on ASR Zone based firewall and return traffic in Firewalling 3 months ago

Paul- It sounds like you are permitting traffic, not inspecting it. When it is inspected, the...

Collin Clark commented on FirePower URL site lookup in Firewalling 3 months ago

Here's what is used- http://www.senderbase.org/

Collin Clark commented on Directly connect 2 failover pairs, back-to-back in Firewalling 3 months ago

I don't think there is a way to have one pair failover and have the other pair notified and also...

Collin Clark commented on Firepower Recommendations in FireSIGHT System / 3D System 3 months ago

I typically let Sourcefire run in monitor mode for 10-14 days before running 'recommendations'. HTH

Collin Clark commented on snmp v3 in Security Management 3 months ago

The Engine ID will dynamically be created if you do not specify one. I have never created one and...

Bio

First things first: Please, please do not use the services of Presidio Solutions. They are unprofessional and unethical, from the top down. Never have I been treated so poorly as I have with this company. Email me and I would love to give you the details. If I have provided any help to you through the Support Forums, then please, use any other partner than Presidio.

I have been working in IT since 1997 and working with Cisco products since 2000. I have held a variety of jobs from Helpdesk to Senior Network Engineer. I like working with Cisco because they are a market leader and an innovator in the networking field. They develop products and technologies that lead all of IT to the future. There are not a lot of other companies that do that and I'm lucky to have been exposed to Cisco and to have the opportunity to work with them.









  • Community Spotlight Award

    Doc/Video January 2014





  • Community Spotlight Award

    Questions Answered December 2013





  • Cisco Designated VIP

    2011 LAN









Collin Clark's Stats

Points5546
Discussion started 51
Answers marked as Correct 541
Endorsed 2
Content Rated 103
Website: