Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Cisco IPSEC VPN License

3 hours 41 min ago
There are no site-to-site VPNs in your config.No, the SecPlus won't help...

Karsten Iwen has commented on Cisco IPSEC VPN License

13 hours 31 min ago
To take the above idea further:Are your users all logging into the VPN with the...

Karsten Iwen has commented on Cisco IPSEC VPN License

14 hours 22 min ago
Hi Marvin,he is using EzVPN and not AnyConnect. Although AC is of course better...

Karsten Iwen has commented on Cisco IPSEC VPN License

17 hours 43 min ago
> i already upgarde it and make it to boot from asa844-k8.bin, but...

Karsten Iwen has commented on Cisco IPSEC VPN License

17 hours 49 min ago
what exactly does fail and with which error (on the client and in the ASA-log)?

Karsten Iwen has commented on ASA SSL( AnyConnect) VPN behind NATed DSL router

18 hours 42 min ago
VPN pass-through is typically an IPSec-function that you don't need here....

Karsten Iwen has commented on Switchport security best practises for Cisco IP Phones

18 hours 50 min ago
If you see all these as the attack-vector for your environment, there is only...

Karsten Iwen has commented on ASA: can I have multiple subinterfaces with a separate VPN tunnel terminated on each sub?

18 hours 57 min ago
it has to be  crypto map CrypSub1 interface outside1 as the CMs...

Karsten Iwen has commented on Cisco ASA5510 IPsec vpn License question

19 hours 5 min ago
duplicate post; discussion started here.

Karsten Iwen has commented on Cisco IPSEC VPN License

19 hours 6 min ago
As Jon said, the license has nothing to do with your problem.You should:1...

Karsten Iwen has commented on How to transite from ssl certificate SHA-1 to SHA-2 in ASA 5555

1 week 5 days ago
That depends on the CA. Many CAs give you the choice between SHA-1 and SHA256...

Karsten Iwen has commented on Policy Based Routing in Cisco ASA

2 weeks 21 hours ago
The ASA is not capable of policy-based routing. At least not in the actual...

Karsten Iwen has commented on ASA5505-SEC-BUN-K9 features

2 weeks 4 days ago
The 5506-X is not yet available. So there is not much detailed information...

Karsten Iwen has commented on ASA 5520 Active/standby - Standby ASA crashing

2 weeks 6 days ago
Do both units are the same?Do you have the supported amount of RAM (2 Gigabyte...

Karsten Iwen has commented on Hide Group Profile in AnyConnect

3 weeks 1 hour ago
That has nothing to do if the Authentication is done locally or over RADIUS....

Karsten Iwen has commented on ASA5505-SEC-BUN-K9 features

3 weeks 2 days ago
1) Yes, they can get a combined download-speed of (nearly) 100 MBit. On my...

Karsten Iwen has commented on Site to Site VPN to offload WAN traffic

3 weeks 2 days ago
Sending the IPsec-traffic through the ASA is no problem if you don't...

Karsten Iwen has commented on ASA 5505 v9.1 - etherchannel

3 weeks 2 days ago
Sadly, the ASA 5505 can't build EtherChannels, regardless of the Software-...

Karsten Iwen has commented on ASA5505-SEC-BUN-K9 features

3 weeks 2 days ago
1) The 5505 only has FastEthernet-interfaces. You'll never get more than...

Karsten Iwen has commented on Site to Site VPN to offload WAN traffic

3 weeks 4 days ago
When configuring your VPN, you use an ACL to define which traffic will be...

Karsten Iwen has commented on Configure multiple SSH connections through ASA

3 weeks 4 days ago
There are many ways: If you have multiple public IPs, then you configure PAT...

Karsten Iwen has commented on Cisco ASA5545-X CX Application Visibility and Control and Web Security Essentials

3 weeks 4 days ago
You can configure URL-objects under: Components -> Objects -> "...

Karsten Iwen has commented on Dual ISP, Active/Standby ASA, and RA VPN

3 weeks 5 days ago
That's right, the config is replicated. But be aware that other elements,...

Karsten Iwen has commented on Dual ISP, Active/Standby ASA, and RA VPN

3 weeks 5 days ago
no, it's symmetric. Traffic entering on the Backup-ISP-interface will leave...

Karsten Iwen has commented on Dual ISP, Active/Standby ASA, and RA VPN

3 weeks 5 days ago
For outgoing traffic, only the primary link is used. But for incoming traffic,...

Karsten Iwen has commented on Dual ISP, Active/Standby ASA, and RA VPN

3 weeks 5 days ago
Yes, the ASAs should be connected as shown in the drawing.But both interfaces...

Karsten Iwen has commented on Firewall interface IP address and Source and Object group network IP address

3 weeks 5 days ago
Yes, here an example: Internet ------ ASA ------------- L3-Sw -----------...

Karsten Iwen has commented on Firewall interface IP address and Source and Object group network IP address

3 weeks 5 days ago
The source address is an address that can enter the ASA on that interface. That...

Karsten Iwen has commented on Need to check if the asa factory setting features from serial number as buying a cisco asa 5505 from ebay .

3 weeks 5 days ago
Not really clear what you mean, but the output of sh activation-key...

Karsten Iwen has commented on Simple question - How to configure a rule in ASA 5525

3 weeks 5 days ago
please post your config (without passwords) to see what's going wrong.

Karsten Iwen has commented on Simple question - How to configure a rule in ASA 5525

3 weeks 5 days ago
It's "inside_access_in", not "inside_access_out".

Karsten Iwen has commented on Simple question - How to configure a rule in ASA 5525

3 weeks 5 days ago
If you can reach other systems on the internet, it's very likely that you...

Karsten Iwen has commented on show access-l in asa v9.1(2) objects-groups not expanding

3 weeks 5 days ago
There were some bugs regarding ACLs with object-groups in 9.1x. They don't...

Karsten Iwen has commented on Simple question - How to configure a rule in ASA 5525

3 weeks 5 days ago
Issue the command "show run access-group" and look for the name of...

Karsten Iwen has commented on Website is blocked by Ironport because it is not classified

3 weeks 5 days ago
That can be done at https://securityhub.cisco.com/web/submit_urlsIt's now...

Karsten Iwen has commented on NAT public /24 to private /24

3 weeks 5 days ago
This can be easily done: object network PUBLIC subnet 198.51.100.0 255....

Karsten Iwen has commented on Cisco ASA5545-X CX Application Visibility and Control and Web Security Essentials

3 weeks 5 days ago
You can start with the User-Guide:http://www.cisco.com/c/en/us/td/docs/security...

Karsten Iwen has commented on Dual ISP, Active/Standby ASA, and RA VPN

3 weeks 5 days ago
This is a design that would be fine for an IOS-router but that doesn't...

Karsten Iwen has commented on Disabling SSH CBC cipher on Cisco routers/switches

1 month 3 days ago
Well, when the device doesn't answer a SSH-request, there will be no cipher...

Karsten Iwen has commented on bryan p

1 month 3 days ago
no, the new line will be added to the list and both networks will get NATed.

Karsten Iwen has commented on bryan p

1 month 3 days ago
One more thing. For PPPoE, the MTU is typically 1492 unless told from the...

Karsten Iwen has commented on bryan p

1 month 3 days ago
You duplicated to much of the config as both VLANs will use the same NAT...

Karsten Iwen has commented on site to site VPN ISSUE

1 month 3 days ago
I just saw that you wrote above that ping/telnet to the device is working, so...

Karsten Iwen has commented on site to site VPN ISSUE

1 month 4 days ago
> Traffic is matching so where is the issue am really fed up with...

Karsten Iwen has commented on bryan p

1 month 4 days ago
Are the PCs using the vlan2-ip as the default-gateway?If yes, there is probably...

Karsten Iwen has commented on site to site VPN ISSUE

1 month 4 days ago
(Please look at the corrected configs above, you probably spoted that there was...

Karsten Iwen has commented on Cisco 5505 in routed mode - how to translate port 8888 to 3389 (Not NAT)

1 month 4 days ago
You probably want to translate it to a inside private IP? The NAT-config could...

Karsten Iwen has commented on site to site VPN ISSUE

1 month 4 days ago
> What i get is that router is not processing HTTP traffic through tunnel....

Karsten Iwen has commented on ASA 555 and DAP issue

1 month 4 days ago
You didn't mention any DNS-issues ... What kind of problems do they have?

Karsten Iwen has commented on site to site VPN ISSUE

1 month 4 days ago
> Yeah i can ping the devices and also telnet are success from head office...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points4062
Discussion started 16
Answers marked as Correct 579
Endorsed 11
Content Rated 76