Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Zubair.Sayed_2
Stats
Member since
12-09-2009
101
Posts
0
Helpful
2
Solutions
4402 Controller upgrade problem
in Wireless Security and Network Management
12-02-2013
03:15 AM
12-02-2013
03:15 AM
Sprockets, please also send me the link to the upgrade procedure you using, the link I have on the Cisco site shows only to step 6, I see you have a lot more steps.. Thanks Zubair
... View more
Created by
Zubair.Sayed_2
in Wireless Security and Network Management
in Wireless Security and Network Management
12-02-2013
03:00 AM
12-02-2013
03:00 AM
Thanks sprocket, so it is as simple and repeating steps for each file. Tell me, I have just downloaded the file from TFTP and I see the below message on the controller, is this correct? Should I just wait for the installation to complete ? "TFTP receive complete... extracting components."
... View more
4402 Controller upgrade problem
in Wireless Security and Network Management
12-02-2013
02:11 AM
12-02-2013
02:11 AM
Leo, Can you please explain the bootstrap upgrade process, reason I ask is because on the Cisco website for the Wireless Controller upgrade procedure I dont see any mention of the bootstrap. Just to share little history on my situation and not to hijack this thread but I think it might be useful to 'sprocket' because I am also using the same version as him which is 7.0.98.0. I have just downloaded the following verison from the Cisco website: AIR-WLC4400-K9-7-0-98-218.aes as I am first jumping to version 218 and then on to the higher versions. So the next version from 7.0.98.218 is 7.0.230.0 and I noticed with this version there are 2 files, the .aes file and a -ER.aes, as I have not done an upgrade before on a controller what do I need to know regarding this new versions. Regards Z.
... View more
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
03-20-2013
06:32 AM
03-20-2013
06:32 AM
Marcin, Thank you for the response. This is the vulnerability: "An outdated OpenSSL package was identified that was vulnerable to a heap corruption bug that may be exploited by an attacker to acquire command execution on the host, or to create denial of service conditions." They suggest we do the following: "Update the outdated / vulnerable OpenSSL package to the latest stable version" Thanks Zubair
... View more
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
03-20-2013
05:45 AM
03-20-2013
05:45 AM
Hi Mike, I seem to be having the same issue and I followed your bug and notice the bug says it has been fixed in version 8.2 (5). We have an ASA 5520 and running Cisco Adaptive Security Appliance Software Version 8.2(5)2 and we conducted a Pen test recently and the company picked this error, see my thread below. https://supportforums.cisco.com/thread/2206441?tstart=0 Thanks - Zubair
... View more
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
03-20-2013
05:35 AM
03-20-2013
05:35 AM
Hi All, On one of our firewalls we hosting a application/service which impacts clients and we recently conducted a Pen test, the external company doing the Pen test have advised us that there is a vulnerability relating to OpenSSL. We have checked the server and there is no OpenSSL installed so the only place where it could be picking this up is on the ASA, is this correct? Here is the report from the company that conducted the test: 4.3 Network Security An outdated OpenSSL package was identified that was vulnerable to a heap corruption bug that may be exploited by an attacker to acquire command execution on the host, or to create denial of service conditions. Table 7 provides an overview of the risk identified per network assessment category, along with recommendations for resolving the issues identified. Category Risk Summary Recommendations Patch Management High The OpenSSL package installed on one host was identified as being outdated and subject to a heap corruption bug. Update the outdated / vulnerable OpenSSL package to the latest stable version. We have an ASA5520 and running the following version: Cisco Adaptive Security Appliance Software Version 8.2(5)2 How do we check the OpenSSL on the ASA and secondly do we need to update the ASA software version ??? Thanks Zubair
... View more
Labels:
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
11-02-2012
07:54 AM
11-02-2012
07:54 AM
Nice one David, Strange though why Cisco has not built these features in the ASA's........
... View more
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
11-02-2012
06:15 AM
11-02-2012
06:15 AM
Jennifer, Thank you for clearing this up. Much appreciated. Zubair
... View more
Created by
Zubair.Sayed_2
in Firewalls
in Firewalls
11-02-2012
12:08 AM
11-02-2012
12:08 AM
Hi all, We recently had some penetration testing done on one of our servers (which has a public front end), and a major issue that was found is that users are able to authenticate without using HTTPS. I know that we can configure http to https redirects on the server using IIS but we would like to try and get this redirected before the traffic gets to the server. Browsing some past posts on the forum I found this: "The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee)." Is it possible to redirect traffic at the ASA as we do not have a websense or smartfilter server in place? Thanks Z
... View more
Labels:
10-03-2012
03:15 AM
Hi Either there is no route somewhere or the ports between the switch and router are not configured as trunk links. Are they in seperate vlans ?
... View more
10-03-2012
02:45 AM
Hi As Reza says you can just login and perform various commands, write this down on paper and then put in a diagram form. You can use Visio. You can also try show vlan or show vlan brief to see the vlans, show int status to see whats connected and whats not etc... HTH Zubair
... View more
Created by
Zubair.Sayed_2
in Switching
in Switching
10-03-2012
02:32 AM
10-03-2012
02:32 AM
Hi I am sure you checked already the VTP server is the same on both switches or set the one switch to server. If I remember both switches cannot be Transparent, one must be server and they must have the same version numbers. HTH Zubair
... View more
10-03-2012
02:03 AM
Hi Did these issues occur after you upgraded the ASA's? What version did you upgrade to? Thanks Zubair
... View more
10-03-2012
02:01 AM
Can you paste the config of the actual ACL - VLAN-RESTRIC-EXCEP ?
... View more
Created by
Zubair.Sayed_2
in Switching
in Switching
10-03-2012
01:55 AM
10-03-2012
01:55 AM
Hi Have you tried adding the following commnd to the port channel interface: switchport trunk encapsulation dot1q Some interface also require you to hard code speed and duplex, you can try these commands also. You might also want to try removing all the other config from the interfaces and just keep the basic config to see if the interfaces and port channel comes up. interface GigabitEthernet0/23 description xxxxxx switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on end interface GigabitEthernet0/24 description xxxxxxxxx switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on end interfaceface Port-channel1 description xxxxxxxxx switchport trunk encapsulation dot1q switchport mode trunk end Thereafter issue a 'show int status' to see if there are any error conditions for those interfaces like err-disable . HTH Regards Zubair
... View more
Created by
Zubair.Sayed_2
in Wireless Security and Network Management
12-02-2013
12-02-2013
Sprockets, please also send me the link to the upgrade procedure you
using, the link I have on the C...
Created by
Zubair.Sayed_2
in Wireless Security and Network Management
12-02-2013
12-02-2013
Thanks sprocket, so it is as simple and repeating steps for each
file.Tell me, I have just downloade...
Created by
Zubair.Sayed_2
in Wireless Security and Network Management
12-02-2013
12-02-2013
Leo, Can you please explain the bootstrap upgrade process, reason I ask
is because on the Cisco webs...
Created by
Zubair.Sayed_2
in Firewalls
03-20-2013
03-20-2013
Marcin,Thank you for the response.This is the vulnerability: "An
outdated OpenSSL package was identi...
Created by
Zubair.Sayed_2
in Firewalls
03-20-2013
03-20-2013
Hi Mike,I seem to be having the same issue and I followed your bug and
notice the bug says it has be...
Created by
Zubair.Sayed_2
in Firewalls
03-20-2013
03-20-2013
Hi All,On one of our firewalls we hosting a application/service which
impacts clients and we recentl...
Created by
Zubair.Sayed_2
in Firewalls
11-02-2012
11-02-2012
Nice one David, Strange though why Cisco has not built these features in
the ASA's........
Created by
Zubair.Sayed_2
in Firewalls
11-02-2012
11-02-2012
Jennifer,Thank you for clearing this up.Much appreciated.Zubair
Created by
Zubair.Sayed_2
in Firewalls
11-02-2012
11-02-2012
Hi all,We recently had some penetration testing done on one of our
servers (which has a public front...
10-03-2012
HiEither there is no route somewhere or the ports between the switch and
router are not configured a...
10-03-2012
HiAs Reza says you can just login and perform various commands, write
this down on paper and then pu...
Created by
Zubair.Sayed_2
in Switching
10-03-2012
10-03-2012
HiI am sure you checked already the VTP server is the same on both
switches or set the one switch to...
10-03-2012
HiDid these issues occur after you upgraded the ASA's?What version did
you upgrade to?ThanksZubair
Public Statistics
| Date Registered | 12-09-2009 12:46 AM |
| Date Last Visited | 08-18-2017 03:56 AM |
| Total Messages Posted | 101 |
.jpg "Hall of Fame Master"){kind=icon}
