Marvin Rhoads

Member Since: Jun 28, 2001

Marvin Rhoads commented on Mismatch in port status in ASA in Other Security Subjects 17 hours ago

Are you sure you are ssh'd into the same ASA that you attached a picture of? The photo does indeed...

Marvin Rhoads commented on Cisco ASA 5505 - Monitor internet usage in VPN 19 hours ago

You can do a moment in time check but that's not so useful for looking at it over the course of a...

Marvin Rhoads commented on upgrade from 5505 to 5516x in Firewalling 19 hours ago

There is no switchport function on the 5516-X so you would have to introduce a layer 2 switch to...

Marvin Rhoads commented on ASA CCL cluster link requirment in Firewalling 1 day ago

Jacob, I do not believe ASA Cluster Control Links have any encryption - either by default or as an...

Marvin Rhoads commented on cisco Asa firepower traffic rate limiting in Firewalling 1 day ago

You would need an ASA 5500-X series with at least version 9.2(2) to run the FirePOWER Services...

Marvin Rhoads commented on VPN on backup ISP in VPN 1 day ago

You would not do that using default routes. You would need to set a host route (/32) to your site-...

Marvin Rhoads commented on cisco ise licensing order in AAA, Identity and NAC 1 day ago

Prices for eDelivery (product SKU R-ISE-VM-K9) and non-eDelivery (ISE-VM-K9) are the same. The...

Marvin Rhoads commented on Anyconnect ISE posture problem in AAA, Identity and NAC 1 day ago

You're welcome. Thanks for letting us know the resolution that worked for you.

Marvin Rhoads commented on cisco Asa firepower traffic rate limiting in Firewalling 1 day ago

Enterprise and small-medium business class DDOS protection capabilities are equivalent between the...

Marvin Rhoads commented on cisco Asa firepower traffic rate limiting in Firewalling 1 day ago

Please keep in mind the distinction between "FirePOWER" = a general set of features and...

Marvin Rhoads commented on ASA only allows native vlan on 3350 switch to Internet in Firewalling 1 day ago

Ok, got it. I was focusing on your interface and routing setup towards the inside. I notice you...

Marvin Rhoads commented on cisco Asa firepower traffic rate limiting in Firewalling 1 day ago

"AnyConnect" = shorthand for client-based remote access SSL VPN. Cisco uses the AnyConnect Secure...

Marvin Rhoads commented on ASA only allows native vlan on 3350 switch to Internet in Firewalling 1 day ago

Ah OK you are using L3 interface on the switch - I assumed a switchport. If the switch is operating...

Marvin Rhoads commented on ASA only allows native vlan on 3350 switch to Internet in Firewalling 1 day ago

If you want the ASA to recognize the VLAN tags, you need to create subinterfaces on the ASA...

Marvin Rhoads commented on VPN on backup ISP in VPN 1 day ago

Yes, I have setup a couple like this. They were 5510 or higher but the concept is the same. We...

Marvin Rhoads commented on ASA5520 as easy vpn remote in VPN 1 day ago

No. It's not possible. Only the ASA 5505, 5506-X, 5506W-X, 5506H-X and 5508-X platforms support...

Marvin Rhoads commented on Cisco asa multiple active interfaces on one switch with no switch vlan configuration. in Other Security Subjects 1 day ago

Assuming the Dell switch at least supports spanning tree, connecting multiple interfaces from the...

Marvin Rhoads commented on Solarwinds in Network Management 1 day ago

@luijimen, Brilliant - thanks for the tip. I learned something new about PI today. @unraveller...

Marvin Rhoads commented on License file in Security Management 2 days ago

It varies by product. Some licenses are node locked and others are not. (e.g., Prime infrastructure...

Marvin Rhoads commented on Cisco asa multiple active interfaces on one switch with no switch vlan configuration. in Other Security Subjects 2 days ago

You can make it work by not doing that. :) If the Dell is a single VLAN-only switch then you should...

Marvin Rhoads commented on ASA5506X with FirePower - re-image 6.1.0 failing in FireSIGHT System / 3D System 2 days ago

Sorry - that one would definitely be a TAC case (unless one of the TAC engineers who monitor this...

Marvin Rhoads commented on Decommissioning an ASA 5505? in Network Management 2 days ago

Linn, "configure factory-default" is the right command. A factory-default configuration should have...

Marvin Rhoads commented on Is there a way to have a VPN Client appear as if they are on the local LAN ? in VPN 2 days ago

You can define the VPN address pool to be a subset of the local LAN subnet. I'm not sure why you...

Marvin Rhoads commented on To which interface does my VPN Pool belong? in Firewalling 2 days ago

Generally they belong to "outside". However we don't apply an interface access list to make such a...

Marvin Rhoads commented on Solarwinds in Network Management 2 days ago

Correct. I just checked on my SolarWinds and PI. PI only supports sending traps (notification via...

Marvin Rhoads commented on Solarwinds in Network Management 2 days ago

There are some limited statistics that Cisco Prime Infrastructure exposes via SNMP. It primarily...

Marvin Rhoads commented on cisco ise licensing order in AAA, Identity and NAC 2 days ago

@omidkatouzian Answering your two earlier questions: 1. eDelivery means you get your license PAK...

Marvin Rhoads commented on Hairpinning in VPN 2 days ago

The NAT rule should be (outside,outside). Check the following guides and examples: http://www.cisco...

Marvin Rhoads commented on odd workstation login behavior on wireless in AAA, Identity and NAC 3 days ago

It kind of looks like a machine authentication attempt. Is it possible that your NAM profile...

Marvin Rhoads commented on Hairpinning in VPN 3 days ago

Have you excluded the intra-remote office traffic from your NAT policies?

Marvin Rhoads commented on SSL Decrypting only search engine bound traffic in Intrusion Prevention Systems/IDS 3 days ago

Yes. It is generally recommended that an SSL decryption policy be restricted to the sites you...

Marvin Rhoads commented on Netmods for FirePower 8140 in Intrusion Prevention Systems/IDS 3 days ago

That part number (full description: Cisco FirePOWER 2-Port 10 Gbps SR Fiber Network Module with...

Marvin Rhoads commented on ISE failover in AAA, Identity and NAC 3 days ago

As long as the PSN role on your primary server was responding to RADIUS requests, the NAD would not...

Marvin Rhoads commented on ASA management in Firewalling 3 days ago

Make sure the VPN pool is among the allowed addresses for management (ssh and http / ASDM) via the...

Marvin Rhoads commented on Prime Infrastructure in Network Management 3 days ago

Is your Prime Infrastructure running on a VM? If so, then just vMotion it over. You'd of course...

Marvin Rhoads commented on Anyconnect ISE posture problem in AAA, Identity and NAC 3 days ago

Hmm OK thanks Jernej. It sounds like you've pretty much got a textbook setup. Are you able to see...

Marvin Rhoads commented on Anyconnect ISE posture problem in AAA, Identity and NAC 3 days ago

Are you allowing the DNS resolution (udp/53 to the configured DNS servers) in your pre-authZ ACL?

Marvin Rhoads commented on FWSM v4.1 to ASA v9.6.1 on Firepower 4100 in Firewalling 3 days ago

Are you a partner? If so, there is an available tool that supports FWSM configuration file...

Marvin Rhoads commented on Global Correlation not updating. in Intrusion Prevention Systems/IDS 3 days ago

Note the following from the IPS Release notes: You need IPS 7.3(5) to use auto update, global...

Marvin Rhoads commented on cisco ise licensing order in AAA, Identity and NAC 3 days ago

You can install ISE on an HP server ONLY if you use virtualization software (VMware or KVM). The...

Marvin Rhoads commented on ASA 5516-X Firepower Time Zone in FireSIGHT System / 3D System 3 days ago

There was a bug affecting that behavior. See the 6.0.1.2 release notes documenting the fix as...

Marvin Rhoads commented on Missing tab configuration Firepower in ASDM after the upgrade module in Firewalling 4 days ago

Thanks. That looks as expected. I've only done one such upgrade from ASDM and it worked fine. (I...

Marvin Rhoads commented on Missing tab configuration Firepower in ASDM after the upgrade module in Firewalling 4 days ago

Can you share the output of  show module sfr detail ...from the ASA cli?

Marvin Rhoads commented on Cannot Browse to SSM-10 IPS in Firewalling 4 days ago

Did it ever work for you? If so, when did it stop and what changed - updated Java perhaps?

Marvin Rhoads commented on SDN for 6800 Cisco core switch in Network Management 5 days ago

What data sheet are you looking at? Here's the one I see: http://www.cisco.com/c/en/us/products/...

Marvin Rhoads commented on ISE ports used in AAA, Identity and NAC 5 days ago

Hi, Endpoint Discovery on 8443 and 8905 - used to discover the ISE server when providing posture...

Marvin Rhoads commented on enable to access ASA5510 from my PC in Firewalling 5 days ago

Please remove the following lines as: 1. it is telling the ASA to authenticate your client with a...

Marvin Rhoads commented on Global Correlation not updating. in Intrusion Prevention Systems/IDS 6 days ago

What is your IPS version?

Marvin Rhoads commented on Redirect HTTP to HTTPS a specified server - Cisco ASA 5512 in Firewalling 6 days ago

No. You can do port translation but that is not the same as http redirection. Redirect requires...

Marvin Rhoads commented on ISE 1.4 Upgrade in Other Security Subjects 6 days ago

Yes, you can do both roles although that means your deployment isn't fully distributed and thus...

Bio

Sr. Network Engineer, CCNP Security, Fire Jumper








  • Cisco Designated VIP
    2016 Firewalling, Network Management, VPN

  • Cisco Designated VIP
    2015 Security

  • Cisco Designated VIP
    2014 Security, Network Management

  • Cisco Designated VIP
    2013 Security, Network Management









Marvin Rhoads's Stats

Points 15791
Discussion started 75
Answers marked as Correct 1901
Endorsed 44
Content Rated 352