About ghermocilla

ghermocilla · 11-04-2025

We are trying to configure secure logging using TLS for our edge routers, we need to import the certificate to be used but I cannot see the terminal option in the trustpoint enrollment section. We also tried converting the certificate to pkcs12 forma...

ghermocilla · 09-05-2023

Hi any who has a detailed step to configure the Juniper SRX to use Cisco ISE for TACACS authentication?

ghermocilla · 02-16-2022

We recently migrated our firewall to multiple context and after that there are some applications that don't work anymore.For example is one our client is using a VDI, and it's not launching.There's also a voice service wherein there are delays in com...

ghermocilla · 08-10-2021

We have a 3504 wireless controller that is configured in HA running in version 8.10.130 before upgrading to 8.10.162. We perform the upgrade via Cisco DNA, but unfortunately the standby controller has not been upgraded. What is the best approach on f...

ghermocilla · 04-11-2021

HI, I have this weird issue. We have an ASA 5525 and an FMC managing those SFR.Current version of the ASA is 9.8(4) and the FMC has ver. 6.7.0.What happens is the there are some sites that users cannot access.When I checked the logs via ASDM, I see s...

ghermocilla · 11-06-2025

Hi Enes,Unfortunately its not working for me. Do i need something to the p12 file? I'm just importing our root CA to the device. its in PEM format and I used openssl to convert it. any special commands or attributes to convert the file?

ghermocilla · 08-10-2021

The HA state now is not redundant and the peer state is UNKNOWN - communication down.The secondary controller can be accessed via SSH only but we cannot login as the credentials are not working.We also tried consoling the controller and we cant also...

ghermocilla · 10-24-2019

Hi Jason,I also tried using PEAP(EAP-GTC) and the same result.For example, I input john.doe@domain.com, when you go to radius live logs it only shows john.doe without the @domain.comi need the whole username to authenticate.

ghermocilla · 02-19-2018

that's the result for packet tracer, its being dropped, that why i need to explicitly put an access list like this one: access-list inside_access extended permit ip object-group Inside-PC any

ghermocilla · 02-19-2018

here's my configinterface GigabitEthernet0/0.27 nameif outside security-level 0 ip address 172.16.1.3 255.255.255.0!interface GigabitEthernet0/1 nameif inside security-level 100 ip address 192.168.1.10 255.255.255.0!object network Inside-NAT host 172...

Member Since	‎07-03-2014 01:16 AM
Date Last Visited	‎11-13-2025 01:14 AM
Posts	35
Total Helpful Votes Received	5

User Statistics

User Activity

Import certificate for secure logging

Cisco ISE 3.2 as TACACS server for Juniper SRX

Applications not working after migrating to multiple context

3504 WLC failed software upgrade in the standby via DNA

SFR dropping TCP packets

Re: Import certificate for secure logging

Re: 3504 WLC failed software upgrade in the standby via DNA

Re: ISE and Anyconnect NAM not getting the full username

Re: Access denied by implicit rule

Re: Access denied by implicit rule