Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Size SSH key

17 min 46 sec ago
I'm also not aware of an easy way to show the keysize, but a different way to...

Karsten Iwen has commented on 600-199 - Cisco Cybersecurity Specialist

53 min 6 sec ago
I don't think that SCYBER recertifies any P-level certification. When I...

Karsten Iwen has commented on Subnet mask

1 hour 55 min ago
As mentioned before, you can't tell that. But you can calculate the smallest...

Karsten Iwen has commented on The fragment table has reached its maximum threshold 16

4 hours 44 min ago
Your router uses a feature named "virtual fragment reassembly" to check if...

Karsten Iwen has commented on How much free space will I need in flash if I uprade to c3560-ipbasek9-mz.122-55.SE10.bin IOS?

6 hours 23 min ago
Lets assume that you have 13 MB free with both images loaded. The older 12.2.25...

Karsten Iwen has commented on Cisco ASA 5506-X

6 hours 39 min ago
Which ASDM are you using? Whenever something "strange" happens in the GUI,...

Karsten Iwen has commented on Cisco ASA 5506-X

6 hours 56 min ago
No, this is not a restriction of the Base-5506-X. There are some restrictions,...

Karsten Iwen has commented on Cisco Anyconnect for mobile license?

11 hours 15 min ago
AnyConnect Essentials and Mobile are not available any more. You have two...

Karsten Iwen has commented on Cisco ASA 5506-X

14 hours 34 min ago
1) You don't need the "forward interface" any more and it's removed. You can...

Karsten Iwen has commented on CIsco ASA 5500?

15 hours 55 min ago
In addition to the important fact (more important then ever) that Marvin...

Karsten Iwen has commented on anyconnect vpn

1 day 40 min ago
That's typically caused by insufficient rights for Java on the client system....

Karsten Iwen has commented on How much free space will I need in flash if I uprade to c3560-ipbasek9-mz.122-55.SE10.bin IOS?

1 day 43 min ago
Based on the Cisco Download-page, the new image is only 11 MB in size. That...

Karsten Iwen has commented on Cisco ISE add cli user

1 day 3 hours ago
What did you configure exactly? Probably there was something wrong. If you...

Karsten Iwen has commented on Want to Setup a LAB for Cisco ASA 5500-X, ACS and ISE

1 day 3 hours ago
Do you work for a Cisco partner? Then you can get at least test-licenses for...

Karsten Iwen has commented on Will Cisco update its CCNP curriculum anytime soon?

1 day 9 hours ago
I don't know when there will be changes in the certification. But I think you...

Karsten Iwen has commented on Two Firewalls one ISP

1 day 10 hours ago
You have to distinguish two situations here: 1) The IPS-router only "sees"...

Karsten Iwen has commented on Multifactor Authentication with ASA/VPN

2 weeks 1 day ago
I use duosecurity with a couple of customers and it works very good.

Karsten Iwen has commented on CCNP certification - query

2 weeks 1 day ago
That's clearly stated on the certification page: CCNA Routing and Switching...

Karsten Iwen has commented on ASA 8.4 to 9.2 with discontiguous outside IP address blocks

2 weeks 2 days ago
Here is the link to the command-reference: http://www.cisco.com/c/en/us/td/...

Karsten Iwen has commented on Firepower VM

3 weeks 5 days ago
Duplicate post, discussion started here.

Karsten Iwen has commented on block rouge DHCP server on a vlan

3 weeks 5 days ago
You are using the wrong tool for the right task. DHCP-Snooping is the tool that...

Karsten Iwen has commented on Site to Site VPN - ASA5505 & 5510

3 weeks 5 days ago
You don't say what exactly went wrong, but if you are using a newer ASA-version...

Karsten Iwen has commented on Anyconnect perpetual license increase?

3 weeks 6 days ago
I don't know why there was an increase (was it really $165?), but with $525 for...

Karsten Iwen has commented on Looking for latest right client for Cisco ASA 5505 IPSec

3 weeks 6 days ago
The mentioned Client is End of Life for a long time and as far as I know not...

Karsten Iwen has commented on IKE vulnerability patch/fix release and image upgrade path

4 weeks 4 hours ago
I never had exactly this downgrade, but in similar situations it was just to...

Karsten Iwen has commented on ASA Firewall - Restrict ICMP from a subnet to any

4 weeks 1 day ago
>  access-list outside-access_in permit icmp host 172.2.1.2 any Which...

Karsten Iwen has commented on ASA 5515-X ACL not matching

1 month 2 hours ago
No special configuration needed. Probably there was something wrong with your...

Karsten Iwen has commented on Firepower 6.0

1 month 1 day ago
[[{"fid":"1278776","view_mode":"default","fields":{"format":"default","...

Karsten Iwen has commented on Is it still possible to revert from C3PL back to legacy mode?

1 month 1 day ago
If it's POC-switch, a "write erase" and "reload" should do the job. After that...

Karsten Iwen has commented on how to exit sfr session in Firepower 6.0

1 month 1 day ago
CTRL-SHIFT-6-x shold work. Does it work on other systems from your PC?...

Karsten Iwen has commented on Firepower 6.0

1 month 2 days ago
There is no "apply". You modify your policy, then you save it (only...

Karsten Iwen has commented on public key authentication / 4096 bits

1 month 2 days ago
Yes, it works with 4096 bit keys. I assume that you are just missing the right...

Karsten Iwen has commented on Should two anyconnect clients on the same ASA be able to talk with each other?

1 month 2 days ago
a typical problem is the missing command: same-security-traffic permit...

Karsten Iwen has commented on Static NAT problem ASA 5525

1 month 2 days ago
That's what is expected. The ASA would handle the connection as needed. ...

Karsten Iwen has commented on Static NAT problem ASA 5525

1 month 2 days ago
You can use packet-tracer to find the reason: packet-tracer input outside tcp...

Karsten Iwen has commented on IKE vulnerability patch/fix release and image upgrade path

1 month 2 days ago
I always go for the latest interims releases, but there are different opinions...

Karsten Iwen has commented on Ping subinterface ip on asa 9.4

1 month 3 days ago
Yes it's by design. But I'm not aware of the reason that it was implemented...

Karsten Iwen has commented on Static NAT problem ASA 5525

1 month 3 days ago
The main-problem is that your NAT-order is wrong. The dynamic PAT always has to...

Karsten Iwen has commented on Ping subinterface ip on asa 9.4

1 month 3 days ago
That's how the ASA works without an option to enable that. You can only reach...

Karsten Iwen has commented on Enforce enhanced encryption policy

1 month 3 days ago
crypto dynamic-map DYNMAP 65535 set ikev1 transform-set AES256-SHAcrypto map...

Karsten Iwen has commented on syslog message -need help

1 month 3 days ago
what are you trying to simulate with these port-numbers? packet-tracer input...

Karsten Iwen has commented on Enforce enhanced encryption policy

1 month 3 days ago
The "crypto ikev1 policy" you are talking about is not the protection of the...

Karsten Iwen has commented on ASA 5508 NAT

1 month 3 days ago
a NAT config could look like the following: nat (any,outside) after-auto...

Karsten Iwen has commented on How to disable Implicit rule on Cisco ASA

1 month 3 days ago
You can not disable it. But it's not in place any more when you configure your...

Karsten Iwen has commented on Help in configuring zone based firewall

1 month 3 days ago
Yes, the ACL is ok, although I would use a named ACL. The action "pass" is for...

Karsten Iwen has commented on ASA 5505 on the inside

1 month 3 days ago
You also need to forward udp/4500 for your VPN to work. And you should upgrade...

Karsten Iwen has commented on Help in configuring zone based firewall

1 month 3 days ago
You can use a class-map that references an ACL. This ACL allows the traffic to...

Karsten Iwen has commented on IKE vulnerability patch/fix release and image upgrade path

1 month 3 days ago
as shown in the linked command-reference, it's already in 8.4(6).

Karsten Iwen has commented on IKE vulnerability patch/fix release and image upgrade path

1 month 3 days ago
Ok, didn't realize that you are running all these versions ... From my...

Karsten Iwen has commented on IKE vulnerability patch/fix release and image upgrade path

1 month 3 days ago
You are late with this upgrade ... What's your running version?

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2016 Firewalling, VPN





  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points5943
Discussion started 17
Answers marked as Correct 819
Endorsed 25
Content Rated 93