About Scott Robertson

Scott Robertson · 12-12-2016

hello, We have security auditors combing through our ACI fabric configuration . They want us to demonstrate that IP source routing is disabled. Anyone know a command or configuration to demonstrate to auditors this is turned off in the ACI Fabric...

Scott Robertson · 02-13-2014

Hi everyone,We are going through an IA audit and the IA tema would like me to change the SS/SSH kLey strength from the default 1024 to 2048.How can I accomplish this on IPS module in a ASA 5525x firewall? I see where i can regenerate a new key throug...

Scott Robertson · 07-19-2013

Hello,I have two ACS 1121 appliances and we have configured a second NIC port (Gig 0 and 1) on the appliances in seperate subnets. Gig 0 Nic is configured with IP on my management VLAN 10. Gig 1 Nic is configured on production VLAN 20 for TACACS auth...

Scott Robertson · 06-20-2013

Asa 5525x with 9.1 code with multicontextMode enabledI enabled traffic between interfaces with same security level on admin firewall context . This works but when I disable this feature and apply inbound ACLs to these same interfaces log indicates pa...

Scott Robertson · 12-31-2012

Hello everyoneI would really appreciate any clarity on a licensing question for the VG350 analog gatewayWe are purchasing a VG350 to integrate into an BE 6000 version 8.6 environment. I have over 800 DLU's available and we have tested adding a VG240 ...

Scott Robertson · 02-21-2014

I am referring to IPS SSP in the ASA 5525x firewall. It appears ther is no way to change the certificate size from 1024 to 2048 or higher . My IA auditors are complaining about the weak key size of 1024. I was hoping it could be done from CLI on the ...

Scott Robertson · 02-14-2014

Hello and thanks for the reply.I have reviewed the setup guide in the link above and the guide provides the CLI syntax to generate a new TLS server certificate however it does not provide any parameters to change the key size. So IPS will generate a ...

Scott Robertson · 10-23-2013

The config you provided shows the device is using a self signed certificate. This is a default configuration and I would not recommend removing it from your device configuration . The self signed certificate is used for SSH HTTPS device management, I...

Scott Robertson · 07-19-2013

Hi Jatin http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_hw_ins.html#wp1136860Refer to table 4-4. Looks like Gig 0 must be configured for http/ssh management, Gig 1 will not allow http/...

Scott Robertson · 06-21-2013

Thank you Jouni !I understand the logic at this point and appreciate your qucik responses.

Member Since	‎05-26-2011 01:28 PM
Date Last Visited	‎09-07-2018 12:03 AM
Posts	16

User Statistics

User Activity

Disable IP source routing on ACI fabric

ASA 5525x with embedded IPS

ACS 5.4 1121 two NICs causes deny tcp (no connection) on ASA log

ASA 9.1 code enable traffic between interfaces with same security levels

when to use VG350 essential licenses

Re: ASA 5525x with embedded IPS

ASA 5525x with embedded IPS

Re: crypto pki certificate in running config

ACS 5.4 IP Change After Configuration Complete

Re: ASA 9.1 code enable traffic between interfaces with same sec