Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Help with new code NAT statement that has no destination but translate hits

4 hours 58 min ago
Have you tested it without the NAT-exemptions? That's the most important...

Karsten Iwen has commented on ASA 5525X With FirePOWER Setup

6 hours 58 min ago
No, the FirePOWER module only works on the m0/0 interface. If that is connected...

Karsten Iwen has commented on CA Certificates for ASA on Active/Standby Configuration

8 hours 37 min ago
You certificates should sync to the standby unit. Is your failover working...

Karsten Iwen has commented on Does it possible ASA 5512-X with Switch 2960 (Inter-Vlan)

8 hours 45 min ago
> What is the problem ?The main problem is, that you don't ask a...

Karsten Iwen has commented on ASA 5525X With FirePOWER Setup

8 hours 49 min ago
You don't need a route for your directly connected management-network, but...

Karsten Iwen has commented on Can't ping across the firewall

9 hours 8 min ago
After thinking about it twice, it's clear. I wrote to change it...

Karsten Iwen has commented on Can't ping across the firewall

19 hours 54 min ago
On R1: For Ethernet, always use the next-hop IP in static routes, and not...

Karsten Iwen has commented on Can't ping across the firewall

1 day 4 hours ago
You config shows that you have enabled the statefull inspection of icmp,...

Karsten Iwen has commented on Exempting NAT traffic for VPN when sysopt is disabled...

1 day 4 hours ago
The vpn-filter is shown in the config-guide:http://www.cisco.com/c/en/us/td/...

Karsten Iwen has commented on Help with new code NAT statement that has no destination but translate hits

3 days 3 hours ago
Yes, the five statements seem to be not needed in your scenario.Is the API...

Karsten Iwen has commented on same security level state table

3 days 8 hours ago
The ASA will still work as a firewall for traffic between interfaces with the...

Karsten Iwen has commented on AutoNAT and ManualNAT question

3 days 9 hours ago
Yes, the syntax a bit confusing ... You configure the nat-rule in object-mode...

Karsten Iwen has commented on Help with new code NAT statement that has no destination but translate hits

3 days 12 hours ago
These NAT-exemption-rules are only needed if there is done NAT on the ASA,...

Karsten Iwen has commented on Packet drops between ASA and ISP Modem

3 days 12 hours ago
1) You should revert all ARP/MAC manipulations that you did. It's not...

Karsten Iwen has commented on AnyConnect VPN configuration on a 2921 router ?

3 days 15 hours ago
The command is "interface Virtual-Template1". Here is an example-...

Karsten Iwen has commented on Can I port forward accross a VPN

4 days 3 hours ago
If you have crypto-maps running and you prefer split-tunneling, then I would...

Karsten Iwen has commented on Show NAT tranlations on ASA

4 days 4 hours ago
What are you looking for exactly if "show xlate" is not what you need...

Karsten Iwen has commented on Can I port forward accross a VPN

4 days 5 hours ago
You are probably running into more then one problem here (I assume that you are...

Karsten Iwen has commented on Remtoe VPN users lost their local internet connection after they made the VPN connection.

4 days 5 hours ago
For sure, go to configuration -> Remote-Access-VPNs, edit the Group-policy...

Karsten Iwen has commented on Exempting NAT traffic for VPN when sysopt is disabled...

4 days 5 hours ago
You only need one new NAT-rule at the beginning of the NAT-list: object-...

Karsten Iwen has commented on Remtoe VPN users lost their local internet connection after they made the VPN connection.

4 days 5 hours ago
It more a routing issue that gets controlled by an ACL. Bay default the client...

Karsten Iwen has commented on Remtoe VPN users lost their local internet connection after they made the VPN connection.

4 days 6 hours ago
You need Split-Tunneling. With that you tell the client to only send traffic...

Karsten Iwen has commented on Help with new code NAT statement that has no destination but translate hits

4 days 9 hours ago
If there is no destination in the NAT-statement, then the destination is "...

Karsten Iwen has commented on Subscription addtional Feature of UT M

4 days 10 hours ago
Yes, you can add additional services to the ASA. For that you have to add the...

Karsten Iwen has commented on IPEP Inlien posture without ASA

4 days 10 hours ago
If you don't want to posture your clients to assign differentiated access-...

Karsten Iwen has commented on Multiple public IP Addresses on ASA 5505

4 days 11 hours ago
On the ASA, there are no multiple addresses on an interface. But your scenario...

Karsten Iwen has commented on ASA5545-k9 - Backup FW Status failed in Failover

4 days 15 hours ago
You should be physically at then secondary appliance anyway to analyze the...

Karsten Iwen has commented on ASA5545-k9 - Backup FW Status failed in Failover

4 days 15 hours ago
failover needs to to be configured on the secondary unit. Here is how I would...

Karsten Iwen has commented on TACACs not working on Firewall device

4 days 16 hours ago
not sure what you tried, but the ASA-config for TACACS looks like the following...

Karsten Iwen has commented on Unencrypted vs encrytped password

4 days 18 hours ago
First and most important: The type-7 passwords that you get with "service...

Karsten Iwen has commented on Giving internet access to additional subnet on 877W

4 days 19 hours ago
You just need to allow your new VLAN to use NAT-services. Your ACL 1 which...

Karsten Iwen has commented on to prevent login to asdm using only enable password without username

4 days 19 hours ago
Duplicate post, answered here.

Karsten Iwen has commented on disable login to cisco asa via asdm with enable password only

4 days 19 hours ago
aaa authentication http console LOCAL Replace LOCAL with your aaa-server-...

Karsten Iwen has commented on Cisco ASA 5516-X with FirePower and FireSight Management Console

4 days 20 hours ago
No, idea ... This is what is stated in the ordering-guide: Cisco...

Karsten Iwen has commented on How to know the connection between ASA and 6509 ?

5 days 4 hours ago
I assume that you did something wrong. The MAC should show up in the switch...

Karsten Iwen has commented on How to know the connection between ASA and 6509 ?

5 days 5 hours ago
The ASA doesn't support CDP, so you can't use it to find neighbors.But...

Karsten Iwen has commented on SITE TO SITE VPN CONFIGURATION WITH OVERLAPPING SUBNETS

5 days 5 hours ago
After seeing the first syntactical problem in the first line through your...

Karsten Iwen has commented on disable SSL and enable TLS in SFE2000

5 days 6 hours ago
These devices are EOS and Cisco didn't take care of them for a quite long...

Karsten Iwen has commented on Anyconnect 4.0 Licensing

6 days 4 hours ago
The concurrent connections don't play any role any more with AC4. You need...

Karsten Iwen has commented on Adding up SSL license in ASA

6 days 4 hours ago
Which License are you trying to apply? If there are already SSL-Licenses on...

Karsten Iwen has commented on IPSEC Tunnel between ASA to ASA is not getting up

6 days 17 hours ago
On Site B you configured an IKEv2 policy, but you need a matching IKEv1 policy...

Karsten Iwen has commented on Need Help I Cant Login After Change Enable Password

6 days 20 hours ago
If you can't login any more, you need to power cycle the switch or router.

Karsten Iwen has commented on Cisco ASA 5516-X with FirePower and FireSight Management Console

1 week 3 hours ago
First there is the "ASA with FirePOWER" product-page with lots of...

Karsten Iwen has commented on Cisco ASA 5516-X with FirePower and FireSight Management Console

1 week 3 hours ago
1) Thats right and documented at least in the FirePOWER ordering guide.2) The...

Karsten Iwen has commented on Cisco ASA 5505 and VoIP configuration

1 week 4 hours ago
You can configure the switchport as trunk (you need the SecPlus License for...

Karsten Iwen has commented on Packet Tracer from ASDM no longer working

1 week 8 hours ago
1) you can run it from the command-line. Just skip the "inline-tag X...

Karsten Iwen has commented on Packet Tracer from ASDM no longer working

1 week 10 hours ago
The syntax that the ASDM tries to send to the ASA is wrong (inline tags are...

Karsten Iwen has commented on No SSH Capability on 3550

1 week 11 hours ago
You probably downloaded the wrong image. There are images "w/o crypto...

Karsten Iwen has commented on is it possible to configure site to site vpn in WS-C3560X-24T-S

1 week 11 hours ago
Have you seen that implemented? Just because there is IKEv2 doesn't mean...

Karsten Iwen has commented on Internet Access via MGMT port of ASA5545-X

1 week 13 hours ago
Yes, CX is connected to the ASA-inside-network. The default-gateway of CX has...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points4492
Discussion started 16
Answers marked as Correct 636
Endorsed 14
Content Rated 79