Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Vulnerability Assessment SSLV3 Poodle attack

3 min 51 sec ago
I'm not yet aware of a way to force TLS1.2. Sadly, Cisco is/was quite...

Karsten Iwen has commented on ASA5512 self signed certificate +PCI compliance

24 min 53 sec ago
For SHA-2 you need to use an external CA or generate a certificate with a tool...

Karsten Iwen has commented on ASA 5525-x security context traffic police

51 min 40 sec ago
QoS is not supported for multiple-context-mode:Unsupported FeaturesMultiple...

Karsten Iwen has commented on Vulnerability Assessment SSLV3 Poodle attack

1 hour 15 min ago
It's not only that newer releases include fixes for this vulnerability,...

Karsten Iwen has commented on how to configure ASA 5512 (9.2) allow mail server smtp?

1 hour 38 min ago
As a rule of thumb, the dynamic NAT/PAT rules always have to come at last (that...

Karsten Iwen has commented on Memory card on router

1 hour 43 min ago
If I remember right, these devices support at least 64 MB of flash. And with 12...

Karsten Iwen has commented on Authentication with 802.1x

5 hours 19 min ago
The Authentication-server only gets active when there is an authentication-...

Karsten Iwen has commented on Memory card on router

5 hours 52 min ago
Sometimes the bootrom limits the size of supported flash on the router. Go to...

Karsten Iwen has commented on how to configure ASA 5512 (9.2) allow mail server smtp?

6 hours 48 min ago
The order of your NAT-statemens is incorrect. The dynamic NAT/PAT needs to be...

Karsten Iwen has commented on VPN Interesting Traffic ACL

6 hours 57 min ago
 >Does that mean if I have an ASA with a global ACL, then every time I...

Karsten Iwen has commented on Setup an inbound ACL when NAT is used?

7 hours 2 min ago
You ACL "Firewall" needs to use the public IP that you have on Fa0/0...

Karsten Iwen has commented on how to configure ASA 5512 (9.2) allow mail server smtp?

7 hours 51 min ago
Please share your config to see if there is something else wrong.

Karsten Iwen has commented on IPS Subscription for ASA5545-IPS-K9

21 hours 23 min ago
I would assume that the old subscription is for the legacy IPS that is EOL...

Karsten Iwen has commented on unable to connect to vpn from Inside network

23 hours 26 min ago
Best way is to provide users in the guest-network the ip of your guest-...

Karsten Iwen has commented on asa vlan

1 day 1 min ago
For sure, configure your ASA physical interface as a trunk that allows the...

Karsten Iwen has commented on inspect ftp protocol via zone based firewall

1 day 1 hour ago
Build a new ACL only for the FTP-communication as shown above and it should...

Karsten Iwen has commented on how to configure ASA 5512 (9.2) allow mail server smtp?

1 day 3 hours ago
>I think it's still the same because when I scan my Public Ip using...

Karsten Iwen has commented on how to configure ASA 5512 (9.2) allow mail server smtp?

1 day 3 hours ago
The outside ACL is using a (different) public IP. There you have to use the...

Karsten Iwen has commented on IPsec VPN with Cisco AnyConnect and 1921 ISR G2 Router

1 day 4 hours ago
Oh, I didn't see the "IPsec" ...For that on the router the crypto...

Karsten Iwen has commented on IPsec VPN with Cisco AnyConnect and 1921 ISR G2 Router

1 day 5 hours ago
Yes, that can be done. Here is an example:http://www.cisco.com/c/en/us/support/...

Karsten Iwen has commented on ASA 9.1(2) drops PING (icmp codes 0 & 8)

1 day 22 hours ago
You are welcome! Come back to the Support-Community anytime again. ;-)

Karsten Iwen has commented on ASA 9.1(2) drops PING (icmp codes 0 & 8)

1 day 22 hours ago
You should take the interface states from SNMP instead from pinging.I don't...

Karsten Iwen has commented on No more external addresses !

1 day 23 hours ago
Without extra public addresses, I don't see any elegant solution to solve...

Karsten Iwen has commented on ASA 9.1(2) drops PING (icmp codes 0 & 8)

1 day 23 hours ago
Works as designed. The ASA doesn't support pinging a foreign Address. If...

Karsten Iwen has commented on cisco ASA-5515-X LED Alarm is amber

2 days 3 hours ago
Alarm LEDThe ASA 5500-X performs autonomous environmental monitoring, polling...

Karsten Iwen has commented on inspect ftp protocol via zone based firewall

2 days 3 hours ago
It's hard to say how to fix it as you don't show what you configured...

Karsten Iwen has commented on ASA5505 upgrade issues...

2 days 4 hours ago
ASDM 7.4(3) should run with Java 8, If not try to add the ASA IP to the Java...

Karsten Iwen has commented on Got an error when I am going to update password on cisco switches.

2 days 6 hours ago
kiMaMi:~ karsten$ openssl passwd -salt `openssl rand -base64 3` -1 abc123 $1...

Karsten Iwen has commented on learning QoS

2 days 20 hours ago
Here are a couple of documents that you can start with:http://www.cisco.com/c/...

Karsten Iwen has commented on Catalyst 3750 Access List to prevent IP Stealing

2 days 22 hours ago
It all should work with the ACL. No need for an extra firewall here.Please...

Karsten Iwen has commented on VPN site to site issue

2 days 23 hours ago
The RA-traffic enters on the outside interface and should be sent back to the...

Karsten Iwen has commented on Bandwidth restriction for ftp traffic only on a an uplink port of a 3750X LAN switch?

2 days 23 hours ago
The policing is the easy part of the config ... More difficult is to match on...

Karsten Iwen has commented on VPN site to site issue

3 days 2 hours ago
A very likely reason is that you are just missing the following command on the...

Karsten Iwen has commented on ASA LICENCE

3 days 3 hours ago
And if you are unsure what Security Contexts are at all: They are used to build...

Karsten Iwen has commented on Need Command to view the object-group of an IP address

3 days 14 hours ago
No need to feel sorry! Just come back to the forum whenever you need help again.

Karsten Iwen has commented on Catalyst 3750 Access List to prevent IP Stealing

3 days 15 hours ago
Well, but you are (as you are known for) again more detailed. I was also...

Karsten Iwen has commented on Need Command to view the object-group of an IP address

3 days 15 hours ago
> Is there a way to filter the exact object-groups for which the ip belongs...

Karsten Iwen has commented on Catalyst 3750 Access List to prevent IP Stealing

3 days 15 hours ago
On your platform, only inbound ACLs are supported. For your ACL 106, you are...

Karsten Iwen has commented on Need Command to view the object-group of an IP address

3 days 16 hours ago
In ASDM that's quite easy, on the cli I would use the following command...

Karsten Iwen has commented on ASA5505 upgrade issues...

3 days 16 hours ago
What are you trying exactly? There is no ASA version 9.6.3 ...

Karsten Iwen has commented on Firewall & Internet Router Issue

4 days 3 hours ago
At least communication between inside and DMZ should never be effected by a...

Karsten Iwen has commented on nat (inside) 0 access-list nonat deprecated

4 days 5 hours ago
That's not nat-exemption, you are PATing your traffic to the interface IP.

Karsten Iwen has commented on Bandwidth restriction for ftp traffic only on a an uplink port of a 3750X LAN switch?

4 days 5 hours ago
Is it for your own FTP-server or for servers on the internet?If it is for...

Karsten Iwen has commented on Two Cisco ASA and tricky S2S (ASA2ASA)

4 days 16 hours ago
This can be easily done:On the main ASA, configure static NAT for the internal...

Karsten Iwen has commented on How to solve this issue of ASDM and Anyconnect VPN with same version java ?

4 days 23 hours ago
For the auto-installation to work, some security settings needs to be relaxed...

Karsten Iwen has commented on ASA 5505 Failover license compatible issue

5 days 1 hour ago
In your software-version, both ASAs need the same licenses. The flash is no...

Karsten Iwen has commented on nat (inside) 0 access-list nonat deprecated

5 days 1 hour ago
Please read the following document:https://supportforums.cisco.com/document/...

Karsten Iwen has commented on Got an error when I am going to update password on cisco switches.

5 days 2 hours ago
It's openSSL that can generate hashes (not encryption) that is compatible...

Karsten Iwen has commented on How to solve this issue of ASDM and Anyconnect VPN with same version java ?

5 days 6 hours ago
Upgrade to the newest ASDM which works with Java 7 and 8. Using old Java-...

Karsten Iwen has commented on ASA 5505 behind DSL router

5 days 21 hours ago
First: The better way would be to redesign your setup and use the router as a...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points4695
Discussion started 17
Answers marked as Correct 666
Endorsed 15
Content Rated 80