Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Poor Firepower URL Category

12 hours 31 min ago
For URLs that are in the wrong category, you can request a change on your own...

Karsten Iwen has commented on Audit : Configuration Change on ASA

1 day 2 hours ago
There are three typical ways to achieve that: By sending the audit-data as...

Karsten Iwen has commented on 1.1.1.1 owned by asia pacific

1 day 10 hours ago
Interesting blog-post on this topic: http://www.bgpmon.net/issues-with-...

Karsten Iwen has commented on Nat Ports Inaccessible via site-to-site VPN

1 day 10 hours ago
With this NAT-config, your router enforces that the internal server has to be...

Karsten Iwen has commented on DMVPN Router Placing in DMZ Zone ( Behind Firewall ) has been created

2 days 19 hours ago
As with any internal service, you just need a NAT-config and an access-list...

Karsten Iwen has commented on ASA 5512-x SSL VPN AnyConnect Premium licences

2 days 19 hours ago
With VPN-Only you license the ASA to handle 25 simultaneous VPN-connections of...

Karsten Iwen has commented on DMVPN Router Placing in DMZ Zone ( Behind Firewall )

2 days 20 hours ago
Duplicate post, discussion started here.

Karsten Iwen has commented on DMVPN Router Placing in DMZ Zone ( Behind Firewall ) has been created

2 days 20 hours ago
Yes, that's supported. Some time ago I had exactly this scenario (well, 5520...

Karsten Iwen has commented on IPSec VPN Clint for Cisco 5505

2 days 21 hours ago
The Cisco IPSec VPN-client is EOL and should not be used any more. ...

Karsten Iwen has commented on ASA 5512-x SSL VPN AnyConnect Premium licences

2 days 22 hours ago
There is no Premium-license any more. If you want to license a single ASA, the...

Karsten Iwen has commented on ASA5520 version 9.1.x and ISE 1.4 Limitations - dACL

2 days 23 hours ago
There is nothing special in this scenario. The ASA uses the ISE as RADIUS...

Karsten Iwen has commented on no switchport in 3750-x

3 days 10 hours ago
Are you running the LAN Base license? There you can only configure SVIs and no...

Karsten Iwen has commented on ASA5520 version 9.1.x and ISE 1.4 Limitations - dACL

3 days 10 hours ago
I'm running this combination (well, recently upgraded to ISE 2.0). Works like a...

Karsten Iwen has commented on ACL problem on ASA-5505

4 days 13 hours ago
object network 443_Raspberry_Pi nat (inside,outside) static interface service...

Karsten Iwen has commented on send traffic up to line rate ( 1Gbps)

4 days 13 hours ago
Never used the Java version, but there are numerous howtos on the internet like...

Karsten Iwen has commented on ACL problem on ASA-5505

4 days 13 hours ago
There are two things going wrong in your config: object-group service...

Karsten Iwen has commented on ACL problem on ASA-5505

4 days 14 hours ago
Check the object "443_Device". It shoud be the following: object network...

Karsten Iwen has commented on ACL problem on ASA-5505

5 days 3 hours ago
It doesn't match your NAT-rule. Please check them or post the output of "show...

Karsten Iwen has commented on ACL problem on ASA-5505

5 days 13 hours ago
Please post the output of the following command (just insert the public IP that...

Karsten Iwen has commented on send traffic up to line rate ( 1Gbps)

5 days 13 hours ago
I would use two PC (one connected to each router) with iPerf to test it.

Karsten Iwen has commented on installed sha2 ssl certificate but anyconnect client still shows "hashing = sha1"?

5 days 14 hours ago
i am concerning about "hashing" SHA1 as shown below. That's exactly what I...

Karsten Iwen has commented on installed sha2 ssl certificate but anyconnect client still shows "hashing = sha1"?

5 days 22 hours ago
You are mixing two independent security elements here: SHA256 in the...

Karsten Iwen has commented on VPN

1 week 4 days ago
I do not operate any FP7000 Appliances. But it seems so that the license is...

Karsten Iwen has commented on Qos on every network device in the path?

1 week 4 days ago
In addition to Marks very good answer: If you want to dig deeper into QoS and...

Karsten Iwen has commented on VPN

1 week 4 days ago
That's a license for a FirePOWER 7000 appliance. For what equipment are you...

Karsten Iwen has commented on VPN

1 week 5 days ago
No, that was just an example to show the licensing. With PLUS/APEX your users...

Karsten Iwen has commented on VPN

1 week 5 days ago
AC-VPNO-25: VPN-service licensed for a single ASA with up to 25...

Karsten Iwen has commented on ASA use sha256/512

2 weeks 18 hours ago
You can't. But starting with ASA version 9.6(1) you can use PBKDF2.

Karsten Iwen has commented on ASA - Deny TCP reverse path. WHY ????

2 weeks 19 hours ago
The initial packet came from your internal network. 10.168.101.100 has a...

Karsten Iwen has commented on ASA - Deny TCP reverse path. WHY ????

2 weeks 19 hours ago
The router with the IP 10.168.201.1 could have a route for 232.239.122.192...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 20 hours ago
No, you don't need that line. The NTP-request is sent out and gets inspected by...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 22 hours ago
I would remove the access-group from dialer1; you will not be exposing the...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 22 hours ago
And I probably do not need  "permit udp any any eq ntp" in ACL, because...

Karsten Iwen has commented on ASA interfaces, no ACL applied inbound or outbound

2 weeks 1 day ago
> I believe it is working as expected. fine! > I may have...

Karsten Iwen has commented on Do I really need the SNMP Query probe?

2 weeks 1 day ago
A very good read for choosing the right probes is the Cisco ISE Profiling...

Karsten Iwen has commented on Cisco 861 Multiple VLAN Interfaces

2 weeks 1 day ago
It's IOS 15.5(2)T2 at the moment, time for an upgrade again ... On the data-...

Karsten Iwen has commented on ASA interfaces, no ACL applied inbound or outbound

2 weeks 1 day ago
That means taht ICMP is inspected and you should be able to ping through the...

Karsten Iwen has commented on ASA interfaces, no ACL applied inbound or outbound

2 weeks 1 day ago
I prefer to have ACLs on all interfaces for full control of the traffic. For...

Karsten Iwen has commented on ASA interfaces, no ACL applied inbound or outbound

2 weeks 1 day ago
NAT is not needed any more. And if there is no NAT-rule, the traffic is...

Karsten Iwen has commented on Cisco 861 Multiple VLAN Interfaces

2 weeks 1 day ago
There still could be a problem with the amount of VLANs. At least my 866VA only...

Karsten Iwen has commented on Multiple Inside interfaces with one outside interface

2 weeks 1 day ago
packet-tracer can fool you here. It's not enough that it tells you that the...

Karsten Iwen has commented on ASA interfaces, no ACL applied inbound or outbound

2 weeks 1 day ago
I am thinking that the ASA will allow all traffic by default from a higher...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 1 day ago
ok, just thought that the below mentioned NAT-config was all that you have.

Karsten Iwen has commented on Downgrade ASA v.9.1 to v.7.0

2 weeks 1 day ago
Which one is not needed any more ? the static NAT (outside to inside) or...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 1 day ago
yes, you add all additionally needed service above the deny-rule. But...

Karsten Iwen has commented on Pinging from ASA inside network to Remote inside network ERROR

2 weeks 1 day ago
Are you specifying the inside interface when sending the ping? ping inside 192...

Karsten Iwen has commented on Downgrade ASA v.9.1 to v.7.0

2 weeks 1 day ago
ok, lets look at your NAT config: ! old:static (to-3560,to-core4948) tcp 10.17...

Karsten Iwen has commented on ACL on Cisco router - Block traffic from outside, allow all from inside

2 weeks 1 day ago
What kind of router do you have? If you can run a firewall feature set, it...

Karsten Iwen has commented on How to choose firewall for small business

2 weeks 1 day ago
Just to give you more options to choose from. The Meraki MX64 could also be...

Karsten Iwen has commented on Assigning an IP to both the physical and sub interface level of a router

2 weeks 1 day ago
No answer to your question, but just another option to solve your main problem...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2016 Firewalling, VPN





  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points6125
Discussion started 18
Answers marked as Correct 837
Endorsed 25
Content Rated 94