Hello,
We have security auditors combing through our ACI fabric configuration. They want us to demonstrate that IP source routing is disabled.
Anyone know a command or configuration to demonstrate to auditors this is turned off in the ACI Fabric...
Hi everyone, We are going through an IA audit and the IA team would like me to change the SS/SSH key strength from the default 1024 to 2048. How can I accomplish this on IPS module in an ASA 5525x firewall? I see where I can regenerate a new key throug...
Hello, I have two ACS 1121 appliances and we have configured a second NIC port (Gig 0 and 1) on the appliances in separate subnets. Gig 0 NIC is configured with IP on my management VLAN 10. Gig 1 NIC is configured on production VLAN 20 for TACACS auth...
ASA 5525x with 9.1 code with multi-context mode enabled. I enabled traffic between interfaces with same security level on admin firewall context. This works but when I disable this feature and apply inbound ACLs to these same interfaces log indicates pa...
Hello everyone, I would really appreciate any clarity on a licensing question for the VG350 analog gateway. We are purchasing a VG350 to integrate into a BE 6000 version 8.6 environment. I have over 800 DLUs available and we have tested adding a VG240 ...
I am referring to IPS SSP in the ASA 5525x firewall. It appears there is no way to change the certificate size from 1024 to 2048 or higher. My IA auditors are complaining about the weak key size of 1024. I was hoping it could be done from CLI on the ...
Hello and thanks for the reply. I have reviewed the setup guide in the link above and the guide provides the CLI syntax to generate a new TLS server certificate however it does not provide any parameters to change the key size. So IPS will generate a ...
The config you provided shows the device is using a self-signed certificate. This is a default configuration and I would not recommend removing it from your device configuration. The self-signed certificate is used for SSH HTTPS device management, I...
Hi Jatin, http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_hw_ins.html#wp1136860 Refer to table 4-4. Looks like Gig 0 must be configured for http/ssh management, Gig 1 will not allow http/...