Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on CISCO MERAKI MX84

5 days 8 hours ago
And for the speed you should also check the sizing guide: https://meraki....

Karsten Iwen has commented on Technical Support for asa bandwidth Management for users

1 week 10 hours ago
Well, all endpoints can get assigned a policy manually, but that's probably not...

Karsten Iwen has commented on Technical Support for asa bandwidth Management for users

1 week 13 hours ago
You can use information from Active-Directory to assign users to group-policies...

Karsten Iwen has commented on Technical Support for asa bandwidth Management for users

1 week 16 hours ago
The Cisco Meraki MX84 could be of the right size.

Karsten Iwen has commented on Fear of putting CCTV units in isolated zone on same 5505 that the inside zone is on

1 week 1 day ago
If there is no need for different firewalls (separation of duties is one...

Karsten Iwen has commented on Is it possible to build a tunnel from an internal interface?

1 week 1 day ago
Actually, it's quite easy with tunnel-interfaces. Here the Routers are...

Karsten Iwen has commented on buy Certificate for ASA annyconnect to skip the "untrusted connection" message

1 week 1 day ago
You have to: Generate an Certificate Signing Request (CSR) on your ASA,...

Karsten Iwen has commented on Technical Support for asa bandwidth Management for users

1 week 1 day ago
The ASA is pretty much limited for this use-case. You can police the...

Karsten Iwen has commented on 2 VPN sessions at the same time with Any Connect

1 week 1 day ago
AnyConnect only supports one connection at the time. And I'm pretty sure...

Karsten Iwen has commented on NAT on ASA.

1 week 2 days ago
Two scenarios: Twice NAT or policy NAT: All traffic sent out of the outside...

Karsten Iwen has commented on How IP addresses work on Layer 2 switches ?

1 week 3 days ago
As Joseph already mentioned, the IP-logic of the switch has to be thought...

Karsten Iwen has commented on What ASA Software Version to choose? TLS v1.2 needed

1 week 3 days ago
What were the main issues with 9.4 ? The bug is very likely not...

Karsten Iwen has commented on How IP addresses work on Layer 2 switches ?

1 week 3 days ago
You have to be aware that the Term "Layer 2 switch" only means that the...

Karsten Iwen has commented on How IP addresses work on Layer 2 switches ?

1 week 3 days ago
There are typically two trigger conditions in that case: You monitor devices...

Karsten Iwen has commented on What ASA Software Version to choose? TLS v1.2 needed

1 week 3 days ago
I would go for the newest 9.5 interims release. These are running here stable...

Karsten Iwen has commented on Configure second Public Range on ASA

1 week 3 days ago
duplicate post, discussion started here.

Karsten Iwen has commented on IOS software Internet Key Exchange v2 Fragmentation Denial of Service Vulnerability FIX?

1 week 4 days ago
The vulnerability report states that the ASA is not vulnerable to this bug. But...

Karsten Iwen has commented on Licensing - Firewall ASA 5516X

1 week 4 days ago
In all actual deployments, you only need one license for the complete HA-system...

Karsten Iwen has commented on ASA - AWS: Where Can I Download the Anyconnect Image

1 week 6 days ago
ASA and AnyConnect are separately licensed products. Just because you bought...

Karsten Iwen has commented on The New 1800 ISR Routers

3 weeks 3 days ago
Just to add to Marks answer: Although they can have both ADSL and WLAN,...

Karsten Iwen has commented on ISE

3 weeks 3 days ago
 We will upgrade our switches to IOS version 15.2(2)E4. Please check...

Karsten Iwen has commented on Device for VPN (Urgent)

3 weeks 4 days ago
Nothing changed from the last discussion. ASA 5506 (with or without the Wifi...

Karsten Iwen has commented on Slow Memory Leak and/or Denial of Service with AnyConnect on 3845

3 weeks 6 days ago
Do you have a restrictive incoming ACL on the outside interface? This ACL...

Karsten Iwen has commented on DACLs in ISE

3 weeks 6 days ago
There are different limitations that can apply based on RADIUS and the switch-...

Karsten Iwen has commented on Cisco ISE TrustSec with DACL

3 weeks 6 days ago
DACLs are not directly related to Trustsec. They are applied to the ingress...

Karsten Iwen has commented on ISE 2.0 cisco press book

3 weeks 6 days ago
IMHO there is no good book on ISE 2.0 because there is no ISE 2.0 book at all...

Karsten Iwen has commented on Slow Memory Leak and/or Denial of Service with AnyConnect on 3845

4 weeks 4 hours ago
Ok, then that's the wrong direction ... The shown config is really quite basic...

Karsten Iwen has commented on Device required for VPN and Wifi

4 weeks 7 hours ago
For all kind of remote access VPN you need to have a public IP that is not...

Karsten Iwen has commented on Device required for VPN and Wifi

4 weeks 9 hours ago
Then it means all those VPN options and including WIFI feature is available...

Karsten Iwen has commented on Device required for VPN and Wifi

4 weeks 10 hours ago
Then go for the ASA 5506W.

Karsten Iwen has commented on Device required for VPN and Wifi

4 weeks 10 hours ago
no and yes, It doesn't support all these functions, but all common OS are...

Karsten Iwen has commented on Slow Memory Leak and/or Denial of Service with AnyConnect on 3845

4 weeks 11 hours ago
When looking at your installed AnyConnect versions, I would assume that your...

Karsten Iwen has commented on Cisco ISE & Cisco 250 Series Switches

4 weeks 11 hours ago
These devices are not on the compatibility list. But as they support...

Karsten Iwen has commented on Device required for VPN and Wifi

4 weeks 11 hours ago
The SA500 might provide VPN and Wifi, but as an EOL device not any security any...

Karsten Iwen has commented on Routers for VPN solution

4 weeks 1 day ago
The Cisco 892 comes with the Advanced IP Feature Set which is fine for your...

Karsten Iwen has commented on ISE 2.0 wildcard certificate

1 month 2 hours ago
but it tells me the certificate file is empty. Have you checked if the...

Karsten Iwen has commented on Cisco ASA Firewall VPN not support with Traffic zoning

1 month 2 days ago
Just a guess (I don't assume that you will get an official statement): Cisco...

Karsten Iwen has commented on To the developers of IOS version12.2(55)SE: Thank you

1 month 2 days ago
So true! These releases "just worked"!

Karsten Iwen has commented on Upgrading ISE via .iso

1 month 2 days ago
As far as I know, you can only install with the ISO, but not upgrade. What is...

Karsten Iwen has commented on Unable to encapsulation dot1q on catalyst3850

1 month 4 days ago
This command is only available if the switch platform supports both .1q and the...

Karsten Iwen has commented on Has anyone setup two factor VPN using a Cisco ASA VPN solution?

1 month 5 days ago
For some time now, I only implemented DUO as the second factor (...

Karsten Iwen has commented on Regex not working ASA

1 month 5 days ago
You have to configure a "match-all" http class map that matches on the host "...

Karsten Iwen has commented on ISE License Consumption

1 month 5 days ago
Have you configured your NADs correctly for RADIUS-accounting? If that is...

Karsten Iwen has commented on Site-to-Site with ASA and FortiGate

1 month 5 days ago
Then your oder of the NAT statements in probably wrong. The dynamic NAT for the...

Karsten Iwen has commented on ASA 5508 software upgrade

1 month 5 days ago
the latest version is 9.6(1)3, but personally I would go for 9.5(2)10 if you...

Karsten Iwen has commented on Site to site VPN

1 month 5 days ago
Are the new subnets member of the crypto definition on both VPN-gateways?...

Karsten Iwen has commented on VPN site-to-site

1 month 5 days ago
Which traffic is used in the tunnel is completely independent of your public IP...

Karsten Iwen has commented on Can I run a dedicated VPN ASA?

1 month 5 days ago
Although you could run the two ASAs standalone, you should question yourself if...

Karsten Iwen has commented on Looking for Enterprise WiFi solution with Mutual Certificate Authentication

1 month 1 week ago
Then it's probably documented elsewhere ... ;-) Well, not sure how to find it...

Karsten Iwen has commented on ASA 5505 IKEv1 Encryption Stuck on AES-256

1 month 1 week ago
Cisco Adaptive Security Appliance Software Version 9.1(7) This release has...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2016 Firewalling, VPN





  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points6384
Discussion started 18
Answers marked as Correct 859
Endorsed 25
Content Rated 95