Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Unable to encapsulation dot1q on catalyst3850

1 day 12 hours ago
This command is only available if the switch platform supports both .1q and the...

Karsten Iwen has commented on Has anyone setup two factor VPN using a Cisco ASA VPN solution?

2 days 1 hour ago
For some time now, I only implemented DUO as the second factor (...

Karsten Iwen has commented on Regex not working ASA

2 days 2 hours ago
You have to configure a "match-all" http class map that matches on the host "...

Karsten Iwen has commented on ISE License Consumption

2 days 2 hours ago
Have you configured your NADs correctly for RADIUS-accounting? If that is...

Karsten Iwen has commented on Site-to-Site with ASA and FortiGate

2 days 3 hours ago
Then your oder of the NAT statements in probably wrong. The dynamic NAT for the...

Karsten Iwen has commented on ASA 5508 software upgrade

2 days 3 hours ago
the latest version is 9.6(1)3, but personally I would go for 9.5(2)10 if you...

Karsten Iwen has commented on Site to site VPN

2 days 3 hours ago
Are the new subnets member of the crypto definition on both VPN-gateways?...

Karsten Iwen has commented on VPN site-to-site

2 days 5 hours ago
Which traffic is used in the tunnel is completely independent of your public IP...

Karsten Iwen has commented on Can I run a dedicated VPN ASA?

2 days 5 hours ago
Although you could run the two ASAs standalone, you should question yourself if...

Karsten Iwen has commented on Looking for Enterprise WiFi solution with Mutual Certificate Authentication

4 days 2 hours ago
Then it's probably documented elsewhere ... ;-) Well, not sure how to find it...

Karsten Iwen has commented on ASA 5505 IKEv1 Encryption Stuck on AES-256

5 days 1 hour ago
Cisco Adaptive Security Appliance Software Version 9.1(7) This release has...

Karsten Iwen has commented on Looking for Enterprise WiFi solution with Mutual Certificate Authentication

5 days 2 hours ago
If you want it powerful *and* easy, look into Cisco Meraki APs together with...

Karsten Iwen has commented on Why we need SSL and TLS and how to config TLS if already SSL present ?

5 days 5 hours ago
If you need to enable the webserver on your switches/router, then you need to...

Karsten Iwen has commented on Why we need SSL and TLS and how to config TLS if already SSL present ?

5 days 9 hours ago
The config only relates to IPsec VPNs. And on your platform, you won't get rid...

Karsten Iwen has commented on Firewall Configuration

5 days 23 hours ago
Not sure if I understand you correctly ... You are outside and want to...

Karsten Iwen has commented on Why we need SSL and TLS and how to config TLS if already SSL present ?

6 days 6 hours ago
First: I would upgrade to the newest 8.4 interims-release or if possible to the...

Karsten Iwen has commented on Why we need SSL and TLS and how to config TLS if already SSL present ?

6 days 7 hours ago
what is the purpose of having ssl and tls in our network TLS is the...

Karsten Iwen has commented on Found Cheap Cisco Firewall License, is it real?

6 days 7 hours ago
It could be a "real" license. But you still shouldn't buy it as these licenses...

Karsten Iwen has commented on ASA5545 gold-starring interm release

6 days 13 hours ago
Although not fully regression tested, these releases can show up to be...

Karsten Iwen has commented on Firewall Configuration

6 days 14 hours ago
So you want to attach your users directly to the ASA as it was common on the...

Karsten Iwen has commented on Firewall Configuration

1 week 28 min ago
The -X ASAs don't use VLAN interfaces. These are only used on the...

Karsten Iwen has commented on One router with 2 WAN links

1 week 3 hours ago
well, that really answers your question ... One router with two links.

Karsten Iwen has commented on One router with 2 WAN links

1 week 1 day ago
That depends on what you want to achieve. If you are only interested in...

Karsten Iwen has commented on Default Telnet Password

1 week 2 days ago
SSH/ASDM should also authenticate with the local accounts if you configure the...

Karsten Iwen has commented on Default Telnet Password

1 week 2 days ago
There is no default telnet password (any more). You have to use the username/...

Karsten Iwen has commented on Need Blocking websites on Cisco asa 5505

1 week 2 days ago
The ASA 5505 is pretty much limited for this use case. You can use the...

Karsten Iwen has commented on IKEv1 to IKEv2

1 week 2 days ago
You can run both IKEv1 and IKEv2 at the same time. With enabling IKEv2 on the...

Karsten Iwen has commented on ASA ACL using FQDN with Wildcard

1 week 2 days ago
Solutions that inspect the payload can do that like the FirePower module that...

Karsten Iwen has commented on no WIFI icon displayed on my IPAD

1 week 2 days ago
And please send a screenshot of what you actually have in the top left corner.

Karsten Iwen has commented on DNS issue on IPSec site to site

1 week 2 days ago
That problem is not related to VPNs but to the way a computer resolves names....

Karsten Iwen has commented on ASA ACL using FQDN with Wildcard

1 week 2 days ago
No, that won't work. The ASA uses the FQDNs to resolve them to an IP address....

Karsten Iwen has commented on ikev2 asa s2s vpn

1 week 2 days ago
When nothing happens, it's very often a missing NAT exemption. Use packet-...

Karsten Iwen has commented on Update DynDNS with public IP address.

1 week 3 days ago
Your "ISP modem" is running as a router. If you can convert it to modem-mode,...

Karsten Iwen has commented on Increasing from 2 devices managed ASA's in FireSight to 3? Do I have to re-install?

1 week 3 days ago
1) Yes, there is no upgrade from 2 to 10 managed devices. 2) I had the same...

Karsten Iwen has commented on moving cisco asa from active standby to active active failover

1 week 3 days ago
Your ASA will be rebuilt completely.  Although there is a migration...

Karsten Iwen has commented on CISCO ASA 5508-X

1 week 4 days ago
You find that under: Adaptive Security Appliance (ASA) Software  ->...

Karsten Iwen has commented on How ASA traffic route according to NAT and DMZ present?

1 week 4 days ago
In a proxy-setup the Proxy will do the name-lookup. For that you need to...

Karsten Iwen has commented on How to configure SSH on router?

1 week 4 days ago
Have you created a public/private keypair? Some more info on configuring SSH:...

Karsten Iwen has commented on ASA 5555-X Clustering and Feature Licenses

1 week 4 days ago
You need on both ASAs: Cluster-license (enabled by default) Encryption...

Karsten Iwen has commented on Need to know the maximum VPN SAs possible in 5545-x

1 week 5 days ago
ASA 5545-X supports up to 2500 VPN-peers which is far more then you need here...

Karsten Iwen has commented on Nexus Audit - "The SSH server is configured to use Cipher Block Chaining."

1 week 5 days ago
In IOS it's possible to restrict the SSH-ciphers in the newer releases. As far...

Karsten Iwen has commented on ASA Signature algorithm:SHA1 TO SHA256

1 week 5 days ago
That is not possible on the ASA. Configure your CA to issue SHA256 based...

Karsten Iwen has commented on New ASA5506 with old Software

1 week 5 days ago
I'm not aware of a one-time-purchase of a new software version. And it...

Karsten Iwen has commented on Transition from WLC to Meraki

1 week 5 days ago
What would I do within the WLC and the Meraki's to let them play together...

Karsten Iwen has commented on ASA 5506 - Unable to set DH Group 20

1 week 5 days ago
This behavior is shown if the crypto map sequence is already in use with a peer...

Karsten Iwen has commented on Static NAT configuration on ASA5520 (8.4+)

1 week 5 days ago
Did the other ASA run the exact same version? There were changes in NAT-...

Karsten Iwen has commented on IKEv2 IPsec proposal AES-GCM-256 encryption requires NULL for the Integrity algorithm

1 week 5 days ago
GCM is an authenticated encryption. That means that all what was done...

Karsten Iwen has commented on ASA 5506-X Sourcefire 6.0.1-29 URL FILTERING NOT WORKING

1 week 5 days ago
Fine that it works. You can check and request changes to the categories...

Karsten Iwen has commented on ASA 5506-X Sourcefire 6.0.1-29 URL FILTERING NOT WORKING

1 week 6 days ago
can you connect to the internet from the sfr-module? That's needed to load the...

Karsten Iwen has commented on Static NAT configuration on ASA5520 (8.4+)

1 week 6 days ago
Two things to check in your config: Is the routing to the internet correct...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2016 Firewalling, VPN





  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points6289
Discussion started 18
Answers marked as Correct 848
Endorsed 25
Content Rated 95