Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About bvj197222
Stats
Member since
10-02-2007
141
Posts
15
Helpful
3
Solutions
02-20-2020
07:20 AM
Just to verify, yes: https://blog.router-switch.com/2012/09/cisco-catalyst-2960-series-enables-routing/
... View more
12-18-2019
04:37 AM
This scenario might not be possible, but maybe there's a workaround; We are using Cisco Anyconnect to connect to company resources. We also have a second vpn-installation with added security for access to a second network on a different site, a 3rd party company that has their own installation. A limited number of our users needs to access this. First they establish the VPN. Then they access the portal of the second VPN (A Citrix SSL Extender VPN), and authenticates there. The second VPN tries to add some routes to the local routing table of the client but is not allowed, as the Cisco Anyconnect locks down the routing table. I tried to enable split-tunneling, but that is no point as the second VPN is accessed thru the first vpn. Hence, there's no point in adding routes to the Anyconnect routing table as the traffic passes thru the secondary vpn. Are there any ways to add a route to the local routing-table of the client? 'Route add...' doesn't work (as expected, since Cisco Anyconnect locks down the routing table). The reason why we need both VPN's active is cause the users needs to access both our resources and the 3rd party resources at once. So we can't disconnect the company VPN and establish the 3rd party VPN. A site-to-site VPN would solve this, but the 3rd party is not keen on that due to their security policies.
... View more
Labels:
Created by
bvj197222
in Email Security
in Email Security
09-18-2019
05:05 AM
09-18-2019
05:05 AM
Perfect, that explains it. In my old environment is was set correctly, but I missed out on it when transferring the config to the new VM.
... View more
Created by
bvj197222
in Email Security
in Email Security
09-18-2019
01:28 AM
09-18-2019
01:28 AM
That is correct. It was the content filter below that erroneously marked everything as spam. All tho I can't understand why. The filter says that if both receipient and receiver is company.com, then mark it as spam. It worked fine in my old C170, running 10.0.0-203. But in the new virtual applicance, C100V, 12.5.0-059, the filter is behaving differently and was marking almost all email as spam.
... View more
Created by
bvj197222
in Email Security
in Email Security
09-17-2019
10:01 AM
09-17-2019
10:01 AM
THIS IS A BIT OF AN EMERGYCY: I installed two new virtual Ironports, C100V. I copied the config from our old Ironports. Now, for some reason, most of the incoming email are falsely being marked as [P-Suspected Spam]. From the logs it looks like everything is being queued for delivery directly to the offbox Quarantine. One example; Tue Sep 17 18:17:59 2019 Info: Start MID 1274 ICID 14339 Tue Sep 17 18:17:59 2019 Info: MID 1274 ICID 14339 From: <xxx@xxx.xx> Tue Sep 17 18:17:59 2019 Info: MID 1274 ICID 14339 RID 0 To: <xxx@xxx.xx> Tue Sep 17 18:18:00 2019 Info: MID 1274 SPF: helo identity postmaster@EUR03-AM5-obe.outbound.protection.outlook.com Pass (v=spf1) Tue Sep 17 18:18:00 2019 Info: MID 1274 SPF: mailfrom identity <xxx@xxx.xx> Pass (v=spf1) Tue Sep 17 18:18:00 2019 Info: MID 1274 DMARC: Message from domain xxxx.com, DMARC pass (SPF aligned True, DKIM aligned True) Tue Sep 17 18:18:00 2019 Info: MID 1274 DMARC: Verification passed Tue Sep 17 18:18:00 2019 Info: MID 1274 Message-ID '<61cd825976e04ed78c5837bdc388aded@fxxx.com>' Tue Sep 17 18:18:00 2019 Info: MID 1274 Subject 'Some subject ' Tue Sep 17 18:18:00 2019 Info: MID 1274 SDR: Domains for which SDR is requested: reverse DNS host: mail-eopbgr30105.outbound.protection.outlook.com, helo: EUR03-AM5-obe.outbound.protection.outlook.com, env-from: xxx.com, header-from: Not Present, reply-to: Not Present Tue Sep 17 18:18:01 2019 Info: MID 1274 SDR: Consolidated Sender Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: 5 years 3 months 21 days for domain: xxxx.com Tue Sep 17 18:18:01 2019 Info: MID 1274 SDR: Tracker Header : sY3eaBOXop21Gk5+83C2qdeMmyI69B+IgFwHp0plRjqhYRbfE/KqJgH6Fx1cc2K1iR5ZYHbTI8w6o6i+DSWCB/0EMY/ZiipsZg/h8ZC8UKM7LYv5ZcPFXloOnmZ5ZdFEYSEL1yBRQD95CfLWIFpu92tRhB57nWMCDIl2TNH74r2BX7MRAy0cE9Ydqt7XJN+5UBSRJ/Jhj6Iwx7PSOH4avu6YrB3IYM99+EJ6W9DeBP0l60eG06tUOuay43bnCvTP7fg2faF6NsPv3KqASgwW+X8whQquJlR9mofT3L5Fgrq9m0SWII9Yt4xfJUPMh7iw Tue Sep 17 18:18:01 2019 Info: MID 1274 ready 10257 bytes from <xxxx.com> Tue Sep 17 18:18:01 2019 Info: MID 1274 matched all recipients for per-recipient policy DEFAULT in the inbound table Tue Sep 17 18:18:04 2019 Info: MID 1274 interim verdict using engine: CASE spam negative Tue Sep 17 18:18:04 2019 Info: MID 1274 using engine: CASE spam negative Tue Sep 17 18:18:04 2019 Info: MID 1274 interim AV verdict using Sophos CLEAN Tue Sep 17 18:18:04 2019 Info: MID 1274 antivirus negative Tue Sep 17 18:18:04 2019 Info: MID 1274 using engine: GRAYMAIL negative Tue Sep 17 18:18:04 2019 Info: MID 1274 Outbreak Filters: verdict negative Tue Sep 17 18:18:04 2019 Info: ISQ: Tagging MID 1274 for quarantine (X-Ironport-Quarantine) Tue Sep 17 18:18:04 2019 Info: MID 1274 queued for delivery Tue Sep 17 18:18:04 2019 Info: Delivery start DCID 1801 MID 1274 to RID [0] to offbox IronPort Spam Quarantine Tue Sep 17 18:18:04 2019 Info: Message done DCID 1801 MID 1274 to RID [0] (external quarantine) Tue Sep 17 18:18:04 2019 Info: MID 1274 RID [0] Response 'ok: Message 81016 My anti-spam settings on the inbound mail policy is default.
... View more
- Tags:
- anti-spam
Labels:
Created by
bvj197222
in Email Security
in Email Security
09-10-2019
10:50 AM
09-10-2019
10:50 AM
Hello, we are switching over from C170 appliances to Email Security Virtual Appliance (C100V), running AsyncOS 12.5.0-059. What CLI-commands are the best ones to use to discover if there's any problems in email being rejected etc? I am aware of the grep-command; (Machine xxx.xx.com)> grep Currently configured logs: Log Name Log Type Retrieval Interval --------------------------------------------------------------------------------- 1. amp AMP Engine Logs Manual Download None 2. amparchive AMP Archive Manual Download None 3. antispam Anti-Spam Logs Manual Download None 4. antivirus Anti-Virus Logs Manual Download None 5. asarchive Anti-Spam Archive Manual Download None 6. authentication Authentication Logs Manual Download None 7. avarchive Anti-Virus Archive Manual Download None 8. bounces Bounce Logs Manual Download None 9. cli_logs CLI Audit Logs Manual Download None 10. dlp DLP Logs Manual Download None 11. encryption Encryption Logs Manual Download None 12. error_logs IronPort Text Mail Logs Manual Download None 13. euq_logs Spam Quarantine Logs Manual Download None 14. euqgui_logs Spam Quarantine GUI Logs Manual Download None 15. ftpd_logs FTP Server Logs Manual Download None 16. gmarchive Graymail Archive Manual Download None 17. graymail Graymail Engine Logs Manual Download None 18. gui_logs HTTP Logs Manual Download None 19. mail_logs IronPort Text Mail Logs Manual Download None 20. mar Mailbox Auto Remediation Logs Manual Download None 21. repeng Reputation Engine Logs Manual Download None 22. reportd_logs Reporting Logs Manual Download None 23. reportqueryd_logs Reporting Query Logs Manual Download None 24. scanning Scanning Logs Manual Download None 25. sdr_client Sender Domain Reputation Logs Manual Download None 26. smartlicense Smartlicense Logs Manual Download None 27. sntpd_logs NTP logs Manual Download None 28. status Status Logs Manual Download None 29. system_logs System Logs Manual Download None 30. threatfeeds Threat Feeds Logs Manual Download None 31. trackerd_logs Tracking Logs Manual Download None 32. updater_logs Updater Logs Manual Download None 33. upgrade_logs Upgrade Logs Manual Download None 34. web_client URL Filtering Logs Manual Download None If I tail mail_logs (18), would that be the best way of seeing what is going on in realtime? Plus I should tail bounces (8)? I'm also aware of the command 'workqueue' and 'tophosts'.
... View more
Labels:
07-31-2019
11:49 PM
You cannot match a sender's email domain via the Blacklist Sender Group since it refers to the hostname or IP address of the connecting server, not necessarily the sender's domain. Hence, the recommended way to blacklist a sender's email domain is by using 'Incoming mail policy' and content filter > https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118551-qa-esa-00.html. Anyone out there who use Blacklist Sender Group extensively, or most of u use content filtering?
... View more
Created by
bvj197222
in Email Security
in Email Security
07-05-2019
02:24 AM
07-05-2019
02:24 AM
I was playing around with a new installation of ESA, and I enabled smart licensing. However, there was no way of turning it off after enabling it. We haven't converted our licenses yet, so I needed to switch back to classic licensing after playing around w the config. One of the newer genious-features of ESA is the command 'rollbackconfig'. I entered it and did a rollback to config prior to changing the licensing, and Voila - everything was back to normal. The best part about rollbackconfig is that u don't have to manually save the config first. Ironport automatically saves the last committed 10 configurations. mail.example.com> rollbackconfig Previous Commits: Committed On User Description --------------------------------------------------------------------------------- 1. Fri May 23 06:53:43 2014 admin new user 2. Fri May 23 06:50:57 2014 admin rollback 3. Fri May 23 05:47:26 2014 admin 4. Fri May 23 05:45:51 2014 admin edit user Enter the number of the config to revert to. []> 2 Are you sure you want to roll back the configuration? [N]> y Reverted to Fri May 23 06:50:57 2014 admin rollback Do you want to commit this configuration now? [N]> y Committed the changes successfully
... View more
Labels:
05-02-2019
11:24 PM
Great, thanks! I didn't change the @hostname-field as the GUI said 'Leave empty to use hostname'. So I thought it would use the right domain automatically. Anyway, I changed it and now it looks ok. Thanks!
... View more
05-02-2019
03:55 AM
Hello, I am configuring DMARC/DKIM/SPF and I'm following this guide, https://seanthegeek.net/wp-content/uploads/2018/10/AsyncOS-DKIM-DMARC-Guide.pdf. I am trying to enable signing for bounce and delay messages (se bottom of page 4. I have enabled it on my Ironport, but in the bottom under 'Use Domain Key signing for Bounce and Delay Messages' it says 'There is no signing profile matching bounce from address MAILER-DAEMON@__NOTSET__. Bounce messages will not be signed until you create appropriate signing profile'. I have looked around but I am not able to find out where to correct/adjust this. Any suggestions? We have two ESA C170, and a SMA M170.
... View more
- Tags:
- dmarc dkim
Labels:
01-17-2019
11:21 AM
Hello, we have a ASAv50 Standard - 10G License. I checked out the Anyconnect from my home Office and it's the same result; I only get about 25% of my actual bandwitdth when enabling the Anyconnect vpn. This is the same result as when I testet it from Our lab. The other two who testet it has the same result. We been testing from several laptops. I checked out the Cisco One licensing portal, we have two ASAv50 Licenses and currently only using one. Nothing in the debugging that I found so far. Any ideas?
... View more
01-17-2019
04:08 AM
Hello,
this ASA is a virtual machine, and it's only running VPN. I disabled Threat Detection just in case it mattered. As of now we're just testing it. Two of the guys only managed to get 10 mbit, I got 20 mbit. When I disconnected the Anyconnect-client I was able to get 80 mbit. I testet both by downloading files from a server and speedtest.net.
... View more
01-17-2019
03:58 AM
Hello,
I am running ASA 9.83 with AnyConnect ver 4.7.00136. Before enabling the Anyconnect I have a throughput of 80 mbit. After enabling the client I'm unable to get more than 20 mbit throughput (sometimes less). I have no IPS or anything on the ASA, it's only running as a VPN concentrator. I have disabled Threat Detection. The MTU is set to 1300, as the AnyConnect-client kept on re-connecting. I tried to increase the MTU to 1462 but no difference in throughput. I checked the config on the ASA, and there's no policy-map or anything to indicate that the ASA should decrease bandwidth for the clients.
Our corporate network has a 1 GB internet-link with 10GB in core. Any idea?
... View more
- Tags:
- anyconnect
Labels:
12-06-2018
06:30 AM
Upgrading to 8.5.140 fixed problems on two of Our sites. Those two sites only had 28xx AP's. We also have about 20 sites who had 26xx and 27xx, and those sites didn't experience any problems.
Site A: Users loosing their wifi-connection randomly. Different error Messages in the log but nothing specific.
Site B: Users loosing their wifi-connection randomly, AP's booting randomly as they lost contact With the Controller at headquarters (CAPWAP error)
Upgrading to 8.5.140 fixed both problems.
... View more
Created by
bvj197222
in Wireless and Mobility
in Wireless and Mobility
12-03-2018
12:21 PM
12-03-2018
12:21 PM
I did an Upgrade to 8.5.140, and the SSO-cluster came back online perfectly. 8.5.120 has been deferred now as well, so that explains it..
... View more
02-20-2020
Just to verify, yes:
https://blog.router-switch.com/2012/09/cisco-catalyst-2960-series-enables-routi...
12-18-2019
This scenario might not be possible, but maybe there's a workaround;We
are using Cisco Anyconnect to...
Created by
bvj197222
in Email Security
09-18-2019
09-18-2019
Perfect, that explains it. In my old environment is was set correctly,
but I missed out on it when t...
Created by
bvj197222
in Email Security
09-18-2019
09-18-2019
That is correct. It was the content filter below that erroneously marked
everything as spam. All tho...
Created by
bvj197222
in Email Security
09-17-2019
09-17-2019
THIS IS A BIT OF AN EMERGYCY: I installed two new virtual Ironports,
C100V. I copied the config from...
09-10-2019
Hello,we are switching over from C170 appliances to Email Security
Virtual Appliance (C100V), runnin...
07-31-2019
You cannot match a sender's email domain via the Blacklist Sender Group
since it refers to the hostn...
Created by
bvj197222
in Email Security
07-05-2019
07-05-2019
I was playing around with a new installation of ESA, and I enabled smart
licensing. However, there w...
05-02-2019
Great, thanks! I didn't change the @hostname-field as the GUI said
'Leave empty to use hostname'. So...
05-02-2019
Hello, I am configuring DMARC/DKIM/SPF and I'm following this guide,
https://seanthegeek.net/wp-cont...
01-17-2019
Hello, we have a ASAv50 Standard - 10G License. I checked out the
Anyconnect from my home Office and...
01-17-2019
Hello, this ASA is a virtual machine, and it's only running VPN. I
disabled Threat Detection just in...
01-17-2019
Hello, I am running ASA 9.83 with AnyConnect ver 4.7.00136. Before
enabling the Anyconnect I have a ...
12-06-2018
Upgrading to 8.5.140 fixed problems on two of Our sites. Those two sites
only had 28xx AP's. We also...
Created by
bvj197222
in Wireless and Mobility
12-03-2018
12-03-2018
I did an Upgrade to 8.5.140, and the SSO-cluster came back online
perfectly. 8.5.120 has been deferr...
Public Statistics
| Date Registered | 10-02-2007 02:40 AM |
| Date Last Visited | 02-20-2020 08:28 AM |
| Total Messages Posted | 141 |
| Total Helpful Votes Received | 15 |
.jpg "VIP Advocate"){kind=icon}
