Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Questions about ASA5505 Licensing

3 hours 28 min ago
With the AnyConnect 4 license you still can use the AC 3.x client. But AC4 is...

Karsten Iwen has commented on Questions about ASA5505 Licensing

6 hours 4 min ago
Yes, it's really that easy!

Karsten Iwen has commented on Questions about ASA5505 Licensing

6 hours 15 min ago
The order will include both items, but out of that order you get one license.

Karsten Iwen has commented on Questions about ASA5505 Licensing

6 hours 30 min ago
In fact, it's just one license. So yes, you'll get one mail with a link...

Karsten Iwen has commented on Questions about ASA5505 Licensing

6 hours 58 min ago
it's exactly as shown there.

Karsten Iwen has commented on Questions about ASA5505 Licensing

8 hours 22 min ago
That's right. You'll receive a PAK. This PAK is used together with the...

Karsten Iwen has commented on ASA-Failover

9 hours 22 min ago
Preemption is for Active/Active failover. For Active/Standby failover you have...

Karsten Iwen has commented on Questions about ASA5505 Licensing

16 hours 42 min ago
It's not the ASA that counts the users. You count them and Cisco...

Karsten Iwen has commented on tunnelall AND split-tunnel on the same server

1 day 10 min ago
You can have both configured at the same time which is not that uncommon. The...

Karsten Iwen has commented on Questions about ASA5505 Licensing

1 day 32 min ago
You are right for anyConnect 4. The main difference to old licensing is that...

Karsten Iwen has commented on Questions about ASA5505 Licensing

1 day 1 hour ago
> QUESTION 1you are right with that.> QUESTION 2With the...

Karsten Iwen has commented on Resilient ASA IPSec Solution

1 day 8 hours ago
Yes, thats where the second peer has to be added.

Karsten Iwen has commented on Resilient ASA IPSec Solution

1 day 8 hours ago
Just issue the actual "set peer" command a second time with the...

Karsten Iwen has commented on Resilient ASA IPSec Solution

1 day 8 hours ago
If you wan't anything fancy with routing, you should build your VPNs with...

Karsten Iwen has commented on Configure Failover on ASA 5505 with different RAM

1 day 13 hours ago
> Do you have any idea ? Only to upgrade ASA2 to 512 MB.

Karsten Iwen has commented on Configure Failover on ASA 5505 with different RAM

1 day 14 hours ago
Having different amounts of RAM on both ASAs is not supported. This is from the...

Karsten Iwen has commented on Layer-3 Switching with SG-300 52

3 days 23 hours ago
Has your 2811 static routes for the internal networks pointing to the swiitch-...

Karsten Iwen has commented on DHCP relay on ASA/FWSM

4 days 2 hours ago
Thats how it works. But at least you now have a control to on the ASA to make...

Karsten Iwen has commented on DHCP relay on ASA/FWSM

4 days 8 hours ago
Correct, that was the standard behavior that was extended in 9.1(2).

Karsten Iwen has commented on DHCP relay on ASA/FWSM

4 days 9 hours ago
On the ASA it's possible starting from 9.1(2). For the FWSM, I don't...

Karsten Iwen has commented on CISCO ASA 5505 - Do I need a license to configure trunk ports?

4 days 11 hours ago
Trunking is only available with the SecurityPlus license which you can buy at...

Karsten Iwen has commented on Wildcard SSL cert on ASA

4 days 15 hours ago
>  I have seen the problem happening many times and it appears as...

Karsten Iwen has commented on Wildcard SSL cert on ASA

5 days 6 hours ago
There is no problem for the VPN when the fqdn doesn't match the hostname....

Karsten Iwen has commented on Cisco ASA 9.1, NAT question

1 week 53 min ago
No, that won't work. The logic of a network-NAT-statement (with a mask like...

Karsten Iwen has commented on Cisco ise 1.3 subject alternative name SAN

1 week 5 days ago
You want to access the webpages of the ISE by different names. A good example...

Karsten Iwen has commented on SSLV3 vulnerability in ASA OS version 9.0(4)20

1 week 6 days ago
All commands that you need start with "ssl", but your demand doesn...

Karsten Iwen has commented on Networking Limtis

1 week 6 days ago
And what's your question?

Karsten Iwen has commented on unknown access list command

1 week 6 days ago
look at it with the same ACL-logic as always: 0: match the bit in the address-...

Karsten Iwen has commented on Symmetric encryption Asymmetric encryption

1 week 6 days ago
As a rule of thumb: Whenever userdata needs to be protected, symmetric crypto...

Karsten Iwen has commented on PAT Multiple external IP's to different Internal Devices.

1 week 6 days ago
> However now with the above configuration the nat line lets in...

Karsten Iwen has commented on PAT Multiple external IP's to different Internal Devices.

1 week 6 days ago
What do you mean with "secondary" IPs? Are they from your public IP-...

Karsten Iwen has commented on Cisco 2960X support static routes? - LAN Lite, Base, IP Lite

1 week 6 days ago
I deployed them also with more VLANs.If the network is quite small, I would...

Karsten Iwen has commented on Have problem with static nat on cisco ASA ver 9.1

2 weeks 3 hours ago
The translated address was used in the ACL in ASA versions up to 8.2. With the...

Karsten Iwen has commented on where will the information be stored

2 weeks 8 hours ago
What do you mean with that?

Karsten Iwen has commented on Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA

2 weeks 9 hours ago
SSH always works with authentication. That's not related to the used...

Karsten Iwen has commented on Failover with 9.2 (3)

2 weeks 10 hours ago
The 5505 only support stateless failover:Active/Standby Failover Model...

Karsten Iwen has commented on Hide VPN Profiles with LDAP

2 weeks 11 hours ago
The LDAP-maps are based on the DN of the users. If all users in the same OU get...

Karsten Iwen has commented on Permit specific address on ASA for nat.

2 weeks 11 hours ago
ACLs and not NAT are the tools for allowing and denying traffic. You should use...

Karsten Iwen has commented on Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA

2 weeks 11 hours ago
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/...

Karsten Iwen has commented on Permit specific address on ASA for nat.

2 weeks 11 hours ago
Configure dynamic NAT for the whole internal network (or even "any...

Karsten Iwen has commented on Maximum number of 3750 switches that can be stacked

2 weeks 12 hours ago
These (and many more) questions can be answered by looking at the documentation...

Karsten Iwen has commented on where will the information be stored

2 weeks 12 hours ago
The profiles are stored here: %ALLUSERSPROFILE%\Cisco\Cisco AnyConnect...

Karsten Iwen has commented on Permit specific address on ASA for nat.

2 weeks 13 hours ago
Have a look at Jounis great document on the changes from 8.2-NAT to the new NAT...

Karsten Iwen has commented on Can ASA 5520 support IPSEC VPN dialer and AnyConnect Essentials clients at the same time?

2 weeks 13 hours ago
You can configure the ASA to terminate AnyConnect VPN-sessions with the "...

Karsten Iwen has commented on Cisco IPS 4345

2 weeks 13 hours ago
Works as designed. If you configure your interface as promiscous, then you...

Karsten Iwen has commented on Have problem with static nat on cisco ASA ver 9.1

2 weeks 13 hours ago
In the ACL you have to use the real server IP-address: access-list...

Karsten Iwen has commented on Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA

2 weeks 15 hours ago
All what you can do is documented in the config-guide.

Karsten Iwen has commented on Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA

2 weeks 15 hours ago
To my knowledge it's not documented that it's not possible ... Only the...

Karsten Iwen has commented on Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA

2 weeks 15 hours ago
No, TLS 1.2 in ASA versions 9.3 and higher can be used with the actual...

Karsten Iwen has commented on VPN Design question / which solution is the best option?

2 weeks 1 day ago
You can bind your crypto map to an HSRP-address for redundancy.If your main...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points4902
Discussion started 17
Answers marked as Correct 697
Endorsed 17
Content Rated 82