Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Michael ONeil
Michael ONeil
Beginner
Network Security Engineer.
CISSP, CCNP, CCDP, CCNP-S, CCNA, CCDA
Recent Badges
Stats
Member since
10-06-2006
18
Posts
1
Helpful
1
Solution
Certifications
01-31-2020
08:02 AM
Noticing that the rommon versions required for different OS / Firepower versions are varied, got me looking for a chart / table of the rommon versions to ASA OS / Firepower versions. Does something like that exist? Is it always a good idea to upgrade to the latest rommon version (1.1.15 as of now) on any ASA/FTD regardless of ASA OS code/Firepower/FTD code desired? Thanks
... View more
Labels:
11-19-2015
04:40 PM
Aastha,
Thank you for the reply. I guess if I want the client / hostname I should enable and configure the User Agent.
... View more
Created by
Michael ONeil
in Network Security
in Network Security
11-19-2015
01:47 PM
11-19-2015
01:47 PM
We don't see the hostname/netbios name in the Host profile.
We used to see it wneh we would clike the Computer icon for a Initiator IP.
Discovery policy is set to look for users, hosts and applications. I can see discovery events are refreshing.
... View more
Labels:
Created by
Michael ONeil
in Network Security
in Network Security
02-11-2015
04:28 AM
02-11-2015
04:28 AM
The are not shared. Michael O'Neil (DROID)
... View more
01-29-2015
04:08 PM
Protect and control pak comes in the sealed envelope inside the ASA boxes.
... View more
Created by
Michael ONeil
in Network Security
in Network Security
10-28-2014
05:33 AM
10-28-2014
05:33 AM
Yes this did have a PAK: L-ASA5555-TAMC-3Y Michael O’Neil, Systems Engineer Phone: (804) 525-2005 | moneil@sycomtech.com 1802 Bayberr-y Court, Suite 201, Richmond, VA 23226
... View more
Created by
Michael ONeil
in Network Security
in Network Security
10-28-2014
04:41 AM
10-28-2014
04:41 AM
Tony, I just went through this with a pair of 5555x. The new hardware should have come with the Control license in the regular Cisco Sealed envelope. The IPS, URL and Malware licenses come in electronic format to the end user or Cisco Partner. The FireSight license for the FMC comes with the hardware if purchased or electronic if it’s a VM device. Licenses: for 5555 ASA5555-CTRL-LIC= Cisco Protect+Control license PID L-ASA5555-TAMC= Cisco ASA5555 FirePOWER IPS, AMP and URL Licenses L-ASA5555-TAMC-3Y Cisco ASA5555 FirePOWER IPS, AMP and URL 3YR Subs FS-VMW-10-SW-K9 Cisco FireSight License for Virtual FMC
... View more
Created by
Michael ONeil
in Network Access Control
in Network Access Control
10-14-2014
04:53 PM
10-14-2014
04:53 PM
I need ISE to behave like DAP does and aggregate multiple authorization policies when a VPN user authenticates. In my testing with ISE Authorization Policies set to multiple match, only applies the DACL from the first match and does not create a dynamic ACL of all the matched policies. We are trying to use ISE instead of DAP since these deployment is spreadspread accross several global data centers. ISE is more scalable than DAP even if configured using Cisco Security Manager.
... View more
Created by
Michael ONeil
in Network Security
in Network Security
10-01-2014
06:55 AM
10-01-2014
06:55 AM
I have a pair of 555X in HA mode. Each have SFR modules. I have a Virtual FMC. I added 2 URL Filtering and 2 Malware licenses and the protection license into the FMC. I have added the modules into FMC. I can't seem to allocate a URL license or Malware license to the modules. The licenses are grayed out under Devices\licenses.
... View more
- Tags:
- ASA sfr
09-30-2014
06:47 AM
What's messed up is that they don't tell you that you can't past in the whole thing. You only paste in the test from the "beginning of the Block to the last ==" at the end of the block. Trying to paste it all in as you might do in other Cisco licenses will give an error. Hope this helps.
... View more
09-25-2014
09:39 AM
I am failing to register my ASA with Sourcefire module. I see in the V DC that the syslog says it connected to the module successfully, but fails to authenticate “sftunneld:sf_ssl [WARN] VerifyConnect:Failed to authenticate or to be authenticated by peer”
... View more
- Tags:
- ASA sfr
Labels:
Created by
Michael ONeil
in Web Security
in Web Security
01-27-2014
05:00 PM
01-27-2014
05:00 PM
I have ASA 5515x v 9.1 with CX module v 9.1.3 and CDA integrated into the AD domain. I can see the users to IP mappings for domain windows users , like desktops and laptops. I can not see the users to ip mappings for the wireless users. I see their IP adddresses but the usernames don't come in. I have the PRSM configured to use CDA. Do I need to also add the WLC somehow to the CDA setup?
... View more
Labels:
Created by
Michael ONeil
in Network Access Control
in Network Access Control
04-29-2013
08:36 AM
04-29-2013
08:36 AM
I actually promoted the Secondary Admin and Monitoring to Primary for both personas. After it finished initializing, the failed standalone node was gone from the listing. I was able to register it back to the new Primary, and did a application reset-config ise on the original Primary node to clear up the db. I then successfully added it back in as Primary for both personas. I am up and running fine now. Thanks for the help.
... View more
Created by
Michael ONeil
in Network Access Control
in Network Access Control
04-27-2013
12:15 PM
04-27-2013
12:15 PM
During an upgrade to 1.1.4, one of the Policy nodes didn't deregister successfully. The Primary shows it as now a standalone, but it seems to still be a part of the distributed deployment. I upgraded the Policy node and the rest of the nodes. I tried to add (register) the Policy node back but the error says the node is already listed. Is there a way to manually delete a node via the CLI? Thanks
... View more
Labels:
11-03-2011
06:17 AM
I have a admin who nested a Network device group inside another network device group. Is that reccomended? For instance, there is a NDG for Asia, and inside asia he put other NDG for Routers, another for switches, and yet another for firewalls. This seems way too complicated for Tacacs authentication use. I have seen Cisco Security manager balk at these nested groups and not be able to see down into the nested groups to see if a device is setup in ACS . I would like to restructure the group for Asia to be one big NDG containing all IPs of devices under one heading. What do you reccommend?
... View more
Labels:
01-31-2020
Noticing that the rommon versions required for different OS / Firepower
versions are varied, got me ...
11-19-2015
Aastha, Thank you for the reply. I guess if I want the client / hostname
I should enable and configu...
11-19-2015
We don't see the hostname/netbios name in the Host profile. We used to
see it wneh we would clike th...
Created by
Michael ONeil
in Network Security
02-11-2015
02-11-2015
The are not shared.Michael O'Neil (DROID)
Created by
Michael ONeil
in Network Security
10-28-2014
10-28-2014
Yes this did have a PAK: L-ASA5555-TAMC-3YMichael O’Neil, Systems
EngineerPhone: (804) 525-2005 | mo...
Created by
Michael ONeil
in Network Security
10-28-2014
10-28-2014
Tony, I just went through this with a pair of 5555x. The new hardware
should have come with the Cont...
10-14-2014
I need ISE to behave like DAP does and aggregate multiple authorization
policies when a VPN user aut...
10-01-2014
I have a pair of 555X in HA mode. Each have SFR modules. I have a
Virtual FMC. I added 2 URL Filteri...
09-30-2014
What's messed up is that they don't tell you that you can't past in the
whole thing. You only paste ...
09-25-2014
I am failing to register my ASA with Sourcefire module. I see in the V
DC that the syslog says it co...
Created by
Michael ONeil
in Web Security
01-27-2014
01-27-2014
I have ASA 5515x v 9.1 with CX module v 9.1.3 and CDA integrated into
the AD domain. I can see the u...
Created by
Michael ONeil
in Network Access Control
04-29-2013
04-29-2013
I actually promoted the Secondary Admin and Monitoring to Primary for
both personas.After it finishe...
Created by
Michael ONeil
in Network Access Control
04-27-2013
04-27-2013
During an upgrade to 1.1.4, one of the Policy nodes didn't deregister
successfully. The Primary show...
Public Statistics
| Date Registered | 10-06-2006 03:40 PM |
| Date Last Visited | |
| Total Messages Posted | 18 |
| Total Helpful Votes Received | 1 |
