Karsten Iwen

Member Since: Dec 21, 2006

English
Karsten Iwen's Activity on Cisco Support Community
Currently displaying 50 results

Karsten Iwen has commented on Cisco ASA 5512-X memory

1 day 3 hours ago
The ressources (memory and CPU-cores) are split between the ASA itself and the...

Karsten Iwen has commented on Using /31 subnet mask - Can I use .0?

4 days 7 hours ago
Whow, that's shocking to me ... I think I'll go directly to my lab and do some...

Karsten Iwen has commented on Using /31 subnet mask - Can I use .0?

4 days 8 hours ago
What equipment are you using? I've only seen it once on Nexus, but failed with...

Karsten Iwen has commented on Using /31 subnet mask - Can I use .0?

4 days 17 hours ago
As Jon answered, the .0 can be used with a /31 mask. Same is true for .255. But...

Karsten Iwen has commented on ASA TCP connection timeout for database

5 days 9 hours ago
> Everyone likes to blame the network in the first instance :-)> "...

Karsten Iwen has commented on ASA 5520 - Move failover interface from current to management interface

6 days 18 hours ago
With statefull failover the users will probably not notice the change. The...

Karsten Iwen has commented on ASA 5520 - Move failover interface from current to management interface

1 week 2 hours ago
You can remove the primary or the secondary to start the migration. But as...

Karsten Iwen has commented on Cannot access external IP from inside network

1 week 4 days ago
wasn't clear enough on that ... The purpose of DNS-doctoring is not to reach...

Karsten Iwen has commented on two public IP for ISP router

1 week 4 days ago
Only your ISP can give you an authoritative answer on this. But if this is the...

Karsten Iwen has commented on Cannot access external IP from inside network

1 week 4 days ago
That's how it works on the ASA. Do you have a public IP per server that you...

Karsten Iwen has commented on Cisco Firewall ASA 5506-X with Firepower Bundle.

1 week 5 days ago
Yes, it's a subscription for IPS-rules, access to website categories,...

Karsten Iwen has commented on Cisco Firewall ASA 5506-X with Firepower Bundle.

1 week 5 days ago
You can buy the license through your preferred reseller. He will tell you the...

Karsten Iwen has commented on Cisco Firewall ASA 5506-X with Firepower Bundle.

1 week 5 days ago
The Control-License should be delivered with the ASA (in that beautiful...

Karsten Iwen has commented on ASA TCP connection timeout for database

1 week 5 days ago
What's in the ASA-Log when the session dies?

Karsten Iwen has commented on ASA 5505 adding subnets

1 week 6 days ago
All networks "live" on the inside interface of your ASA. If you want to control...

Karsten Iwen has commented on ASA 5505 adding subnets

1 week 6 days ago
These subnets can communicate to the Internet, this traffic can be firewalled....

Karsten Iwen has commented on Handling subnets with ASA 5505

1 week 6 days ago
Duplicate post, discussion started here.

Karsten Iwen has commented on ASA 5505 adding subnets

1 week 6 days ago
ASA 5505 with the Base-license only supports two full-featured Vlans. With that...

Karsten Iwen has commented on Cisco ASA 5510 and Multiple Outside Interfaces Problem

1 week 6 days ago
Yes, that's also an -X model. I wouldn't recommend the 5515-X nowadays....

Karsten Iwen has commented on router 4321 copper slot for aditional module is it routeable

2 weeks 2 hours ago
The SFP-port on the 4321 is a shared port. You can't use it individually as a...

Karsten Iwen has commented on Max VPN AnyConnect

2 weeks 5 hours ago
The maximum is 250 concurrent connections.

Karsten Iwen has commented on On Communication over inside to dmz ASA 5510

2 weeks 6 hours ago
The ASA is a statefull firewall. Allowing the return-traffic is the main...

Karsten Iwen has commented on ASA AD RSA Integration

2 weeks 7 hours ago
If you already have all your group-policies in place, then one easy way would...

Karsten Iwen has commented on On Communication over inside to dmz ASA 5510

2 weeks 7 hours ago
As always: It depends ... On the DMZ-interface you don't need any ACL. An...

Karsten Iwen has commented on ASA licenses

2 weeks 8 hours ago
You don't have to upgrade the ASA if you are fine with what the Base license...

Karsten Iwen has commented on ASA TCP timeout Timer

2 weeks 10 hours ago
With 500k connections you are far away from the platform limit. So I assume...

Karsten Iwen has commented on Cisco ASA5585 factory default config after reboot

2 weeks 14 hours ago
Did you save your config before the reload?

Karsten Iwen has commented on New access-list for 5525

2 weeks 17 hours ago
> The configuration of the access list and NAT are same for the 5510...

Karsten Iwen has commented on How to static route network set

2 weeks 1 day ago
> Not sure if this is the right place to ask. The Security -> Firewall...

Karsten Iwen has commented on ASA5506+Fp 6.0

2 weeks 1 day ago
One more gotcha is, that your FP-config will be gone after this upgrade.

Karsten Iwen has commented on SourceFire management interface binding

2 weeks 1 day ago
You don't have to assign an IP to the ASA on the management-port. You only...

Karsten Iwen has commented on What determines VPN performance?

2 weeks 1 day ago
They have a good support, it's worth asking them for help to get it...

Karsten Iwen has commented on ASA 5505 - IKEv2 remote VPN

2 weeks 1 day ago
Never tried it with anything else than AnyConnect, but at least the release...

Karsten Iwen has commented on Migration from sha1 to sha2

2 weeks 1 day ago
IKEv2 is available on all ASAs, but using better crypto than sha1 isn't. For...

Karsten Iwen has commented on Mac OS X 10.11.4 - The VPN client was unable to successfully verify the IP forwarding table modifications.

2 weeks 2 days ago
And keep looking at the AnyConnect release notes if there is an announcement of...

Karsten Iwen has commented on CISCO SWITCH3850

2 weeks 2 days ago
Start with the document "Cisco Guide to Harden Cisco IOS Devices". It's about...

Karsten Iwen has commented on Migration from sha1 to sha2

2 weeks 2 days ago
ASA5525 supports SHA2, but I don't remember if it was supported from day one....

Karsten Iwen has commented on Migration from sha1 to sha2

2 weeks 3 days ago
For which function of the ASA do you want to migrate? Which device and...

Karsten Iwen has commented on CCNP security certifications

2 weeks 4 days ago
Yes, you can pass any professional or expert level exam and that will...

Karsten Iwen has commented on Extract certificate from ESA

2 weeks 4 days ago
It's much easier (assuming you use the same cert for GUI): Browse to your GUI...

Karsten Iwen has commented on What is second username/password in AnyConnect?

2 weeks 4 days ago
Different VPN-clients can be controlled by different config on the ASA. For the...

Karsten Iwen has commented on Mac OS X 10.11.4 - The VPN client was unable to successfully verify the IP forwarding table modifications.

2 weeks 4 days ago
I would say this is expected behavior with beta-software. In addition to...

Karsten Iwen has commented on What is second username/password in AnyConnect?

2 weeks 4 days ago
That's a config you did on the ASA, not on the client.

Karsten Iwen has commented on Which device to use for site to site VPN

2 weeks 5 days ago
ASA 5505 can only handle a maximum of 25 VPN sessions. 5506 can handle up to 50...

Karsten Iwen has commented on What determines VPN performance?

2 weeks 5 days ago
Unless the devices are not the limiting factor (the ASA 5510 isn't for 20/20)...

Karsten Iwen has commented on Cisco Anyconnect Issue on Win 8.1 platform.

2 weeks 5 days ago
Did you upgrade from Win7 to Win8? Then you have to deinstall AnyConnect und...

Karsten Iwen has commented on Cisco AnyConnect SSL Certificate Issues

2 weeks 5 days ago
One typical problem are wrong ciphers. Try the following: ssl cipher...

Karsten Iwen has commented on SourceFire management interface binding

2 weeks 5 days ago
No, it has to be the m0/0 interface. The management is not available through...

Karsten Iwen has commented on Any chance of migrating config from legacy ASA to ASA-X?

2 weeks 5 days ago
With 9.1(6) running on the old ASA, all ACLs and NAT will stay the same. With...

Karsten Iwen has commented on What is second username/password in AnyConnect?

2 weeks 5 days ago
Look at your tunnel-group/connection-profile. You probably have secondary...

Bio

I started my work in the IT at about 1995/1996 as a freelance Trainer and consultant with a focus on networking, Novell NetWare and Microsoft Backoffice. In 2001 I started teaching Cisco classes at Global Knowledge in Germany. Since 2003 I'm again Freelancer with a strong focus on security technologies and infrastructure.
And yes, you can hire me for your security-projects and security-workshops. ;-)








  • Cisco Designated VIP

    2016 Firewalling, VPN





  • Cisco Designated VIP

    2015 Security





  • Cisco Designated VIP

    2014 Security





  • Cisco Designated VIP

    2013 Security





  • Community Spotlight Award

    Mobile App Contributor August 2012









Karsten Iwen's Stats

Points5656
Discussion started 17
Answers marked as Correct 787
Endorsed 21
Content Rated 91