Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on TLSv1.1 or 1.2 support on ASA 5540

1 day 17 hours ago
But sadly, your ASA (and many of mine) will not get this version. It's only...

Karsten Iwen has commented on Block / Deny ICMP Traffic cisco asa 5512-x

3 days 3 hours ago
Do you have other icmp-rules in place? Please show the output of "show run...

Karsten Iwen has commented on Setting up VPN between 3 sites | Cisco 1921/K9

5 days 6 hours ago
A 1921 with a security license can easily handle three VPNs (and more) on a...

Karsten Iwen has commented on ICMP allow over IPSEC

5 days 6 hours ago
By default, all traffic defined in your crypto ACL is allowed. So it depends...

Karsten Iwen has commented on ASA 9.1(2) - Allowing ping,telnet or access to inside hosts from outside hosts

5 days 10 hours ago
The config in the policy-map is only for pinging through the ASA. It's not...

Karsten Iwen has commented on ASA 9.1(2) - Allowing ping,telnet or access to inside hosts from outside hosts

5 days 11 hours ago
looks fine. Also troubleshoot if you 3rd party can send any traffic in your...

Karsten Iwen has commented on ASA 9.1(2) - Allowing ping,telnet or access to inside hosts from outside hosts

5 days 11 hours ago
These two lines are not needed as the ACL needs the real-IP, not the translated...

Karsten Iwen has commented on Strange IP address with big traffic

5 days 11 hours ago
These connections don't come from the outside, they are initiated from your...

Karsten Iwen has commented on Cisco IronPort C170 + Exchange Server 2013

5 days 14 hours ago
For the Exchange-part, there are some resources on MS Technet:http://social....

Karsten Iwen has commented on CHEAP ASA 5505 flash and memory upgrades

6 days 3 hours ago
Ok, with your "mass-deployment", that way could really be easier.

Karsten Iwen has commented on Layer 3 switch and DMZ

6 days 7 hours ago
If you can't ping the other switches from the main switch, that can have...

Karsten Iwen has commented on Layer 3 switch and DMZ

6 days 7 hours ago
As John mentioned, using VLAN 14 -- which is obviously a kind of management-...

Karsten Iwen has commented on How to configure ASA 5505 with 2900 Internet Gateway

6 days 8 hours ago
First you should ask yourself if the 2900 router is really needed. If your ISP...

Karsten Iwen has commented on ASA5515-K9 ASA5510-SEC-BUN-K9 VPN

6 days 11 hours ago
The actual license includes Site-to-site IPsec and IKEv1 remote access (which...

Karsten Iwen has commented on Cisco ASA versions

6 days 11 hours ago
I don't think that this is information that is publicly available. But it...

Karsten Iwen has commented on CHEAP ASA 5505 flash and memory upgrades

6 days 11 hours ago
On the original CF-card, there are hidden folders that contain your...

Karsten Iwen has commented on Cisco IronPort C170 + Exchange Server 2013

6 days 11 hours ago
You can start with the Cisco Validated Design Guide for ESA:http://www.cisco....

Karsten Iwen has commented on Block / Deny ICMP Traffic cisco asa 5512-x

6 days 13 hours ago
Can you use AnyConnect/ASDM without that command? These problems should be...

Karsten Iwen has commented on Manage hosts on DMZ from Inside network

6 days 22 hours ago
Instead of NATing to the DMZ, you could also configure NAT-Exemption for the...

Karsten Iwen has commented on ASA - No Forward

1 week 14 min ago
If I understand you right, you are looking for the interface-feature ...

Karsten Iwen has commented on 2900 router performance

1 week 2 days ago
I would also take the 4331 into consideration instead of the 2900 ISR G2.

Karsten Iwen has commented on write erase on ASA 5540

1 week 2 days ago
you can erase your config without losing the licenses. They are not stored...

Karsten Iwen has commented on ASDM - which Java version?

1 week 3 days ago
Due to security reasons you should always update Java to the latest version. So...

Karsten Iwen has commented on Cisco IPSEC VPN License

1 week 3 days ago
This is from the config-guide: The Cisco ASA 5505 can function as a Cisco...

Karsten Iwen has commented on Cisco ASA throughput calculation

1 week 3 days ago
I was hoping that someone else would jump in with some additional insight. I...

Karsten Iwen has commented on Cisco IPS

1 week 4 days ago
I'm not sure for FirePOWER, but I assume that it also doesn't like...

Karsten Iwen has commented on Cisco ASA site to site ipsec VPN

1 week 4 days ago
The settings look compatible. For NAT-Exemption make sure that you configure it...

Karsten Iwen has commented on Trunking Question on ASA 5505

1 week 4 days ago
For sure you can. The ASA can provide DHCP-services on multiple interfaces.

Karsten Iwen has commented on Cisco IPS

1 week 4 days ago
Which IPS are you using? FirePOWER or the legacy Cisco-IPS? At least the...

Karsten Iwen has commented on Trunking Question on ASA 5505

1 week 5 days ago
The DHCP-config is bound to the L3-interface while the settings to access or...

Karsten Iwen has commented on Cisco Easy&Dynamic VPN

1 week 5 days ago
Yes, you can use both at the same time. For a less complex config you should...

Karsten Iwen has commented on Regarding ASA nat issue

1 week 5 days ago
The keyword "interface" is typically used when you only have one...

Karsten Iwen has commented on Cisco IPS

1 week 6 days ago
This is the wrong question for the way the Cisco IPS (regardless if it is the...

Karsten Iwen has commented on cisco 1900 series ssl vpn license

1 week 6 days ago
I think the best way is to license the new AnyConnect 4 which is also valid for...

Karsten Iwen has commented on Cisco ASA site to site ipsec VPN

1 week 6 days ago
At least it is a valid config. To be correct, it has to match the config of the...

Karsten Iwen has commented on VPN tunnel VTI

1 week 6 days ago
This problem shows up when a router "sees" the tunnel destination...

Karsten Iwen has commented on Cisco VPN connectivity b/w 2801 and 1841

3 weeks 15 hours ago
Your link is for DMVPN which really doesn't make any sense for a VPN...

Karsten Iwen has commented on Which Image should we need for the below model router 2951 to support 4 Byte ASN number ?

3 weeks 1 day ago
> Can someone suggest ?a forum is no realtime-communication ... ;-)For the...

Karsten Iwen has commented on Firewall ASA 5505

3 weeks 2 days ago
> It is mandatory to place the server in the DMZ ?...

Karsten Iwen has commented on ASA ISP redundancy configuration help needed

3 weeks 2 days ago
The basic setup for this scenario will be the DualISP primary/backup.For VPN,...

Karsten Iwen has commented on Firewall ASA 5505

3 weeks 2 days ago
The easiest will be the "Public Server" function in ASDM:http://www....

Karsten Iwen has commented on New 1941 router in front of ASA 5525-x with second ISP connection for PBR

3 weeks 2 days ago
That won't work in a way that will satisfy you. But there are options you...

Karsten Iwen has commented on Cisco ASA throughput calculation

3 weeks 2 days ago
Just think about the following scenario:PC1 ---100M --- ASA --- 100M --- PC2Now...

Karsten Iwen has commented on ASA ACL question

3 weeks 3 days ago
I forgot to mention that there are situations where you can have unassigned...

Karsten Iwen has commented on ASA ACL question

3 weeks 3 days ago
Working with ACLs always involve two steps: You configure the ACL (with...

Karsten Iwen has commented on ASA Security+ failover licensing question

3 weeks 3 days ago
For 5512 and lower (it's the same for 5505, 5510, 5506-X), the SecPlus-...

Karsten Iwen has commented on Cisco IPSEC VPN License

3 weeks 3 days ago
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/...

Karsten Iwen has commented on Cisco IPSEC VPN License

3 weeks 3 days ago
You already have a tunnel-group "vpn" of type remote-access. The type...

Karsten Iwen has commented on Cisco VPN connectivity b/w 2801 and 1841

3 weeks 3 days ago
The crypto ACL on R2 is wrong, it has to be: access-list 100 permit ip 10....

Karsten Iwen has commented on ASA5515

3 weeks 3 days ago
No, if you want NGFW, then ASA5515-FPWR-K9 with the corresponding...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points4145
Discussion started 16
Answers marked as Correct 588
Endorsed 11
Content Rated 77