We help IT Professionals succeed at work.






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

On my lap ASA, I can successfully copy files from my ASA to my SCP Folder using SolarWinds SCP Server. The problem I am having is copying files from my SCP Server to the ASA using CLI. IT fails to copy do disk0:/ on the ASA.

 I can see the file being copied from the SCP Server via the SCP Log:

      10/23/2019 12:19 PM      Unknown      Authenticated user cisco from IP
      10/23/2019 12:19 PM      Unknown      User cisco from IP downloading file at "TestFile.txt".

 See the information below:

ciscoasa# copy scp://cisco:cisco@ disk0:/TestFile.txt

Address or name of remote host []?

Source username [cisco]?

Source filename [TestFile.txt]?

Destination filename [TestFile.txt]?

Accessing scp://cisco:cisco@
%Error reading scp://cisco:cisco@ (Success)
Dear Experts

Our customer would like to connect to our network from external network, when they are in office they would like to connect our network and access the network and similarly when they are working from home/mobile they still want to access.
1. have suggest site to site vpn connection while they work from office
2. have suggested point to site vpn connectivity when they are travelling/from home. this is through vpn client software.
Please suggest is this best practice and secure .
Dear Experts

Please help me with steps on "HOW TO" generate CSR for installing SSL certificate on Cisco Firepower Management Center(FMC) for Firepower Threat Defense (FTD), either though ssh or through web interface log in please help me with steps. thanks in advance.
Hello All,

I've been tasked with getting clock equipment working on our campus network. I need to have these touch screen stations in the same broadcast domain as the master server ....but the server reside under server block.

Server block access switches are connected to a distribution switch and DSW are connected to Core Switch over L3 links
Clock devices are connected to access switch trunked to Core switch
What's the best way to span a layer 2 broadcast domain over a layer 3 routed uplink??
Cisco ASA 5508 Operating Temperature

The documentation shows: Max operating temperature 104°F (40°C)

Is this the room temperature?
Or the internal chassis temperature?

My server room is 65 degrees F
My “show env” chassis is 90 degrees F
Dear Experts

We recently installed  Cisco FTD 1010 and for managing FTD we  have installed and configured FMC , now that we have to allow users from external network to connect to our network through Cisco Any Connect software but for this we would like to install SSL certificate, can you please help on how to create CSR and where to create think it should be done in FMC and please let the steps should it be done via ssh or web interface please provide the steps. thanks in advance.
Hi Folks,

I am just wondering how to decide the location of wireless access points in a building while it is not yet ready. We just got floor plans and we need AP locations and handover to buildinc contractor for cabling.
We need to enable proper wireless coverage in our 4 floor building
We will be using Cisco Wireless Access Points 9115ax with Cisco 3504 controller.

Any thoughts
Hello Experts,

Its been a while I did not handle any task related to msi package deployment. I have a very small msi package from Cisco and I want to deploy it to only the Laptops. This client of mine does not have SCCM and they only use active directory and GPO but they have not done any successful deployment using GPO.  Most of the deployments failed using GPO but I do not know why.  In short I have the msi file and I know the the switches that will make the deployment silent.

I need to know if there is a old fashion way to deploy this using CSV file that will have all the laptops and run the command line from the domain controller and target the laptops. I will need help on the script that will read the CSV file , copy the MSI to the laptops C drive under folder APPInstall and run the command line that will result in installing the msi and give me a status log in the end.

On another note , is there a tool available that can help me connect to users laptops and access their command line?  this will definitely help me target individual laptops.

If anyone has done something like this before please assist , I do have domain admin rights .

Thank you,
Hello experts,

I am having BGP rib failure after doing a bgp with a new ISP. Please see my config below

sh ip bgp summ
BGP router identifier 185.151.4.X, local AS number 202XXX
BGP table version is 12558, main routing table version 12558
11 network entries using 1584 bytes of memory
12 path entries using 960 bytes of memory
5/4 BGP path/bestpath attribute entries using 800 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3440 total bytes of memory
BGP activity 28/17 prefixes, 33/21 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
87.201.148.XX   4        15802     317     356    12558    0    0 05:12:20        1
91.72.200.XXX   4        65120   48869   49332    12558    0    0 4w2d            7
151.253.77.XX   4   4275002636    3892    3054    12558    0    0 05:31:17        2

sh ip bgp
BGP table version is 12558, local router ID is 185.151.4.X
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  …
Good day, long post ahead, help needed!

We help a shelter that is having major connectivity problems. Here is the situation.

In the spring, we had to perform a hard reset on each AP. Unfortunately, the controller was lost in a computer swap out before we came to assist this building. We recreated the networks, and ever since, they have been having terrible connectivity on their devices. On average, every day 3-4 devices cannot connect. Usually the message is 'Cannot connect to network' or similar. Sometimes they connect, but then have no access to internet. They will 'forget' the network, and maybe 50% of the time it works. Sometimes they just leave the phone, and a few hours go by and it works again. Extremely inconsistent. The experience score is low, usually around 50-60%.

The building is on 3 levels. There are 3 on the main floor, 2 on each upper floor. They are all installed in central locations in hallways on the ceiling. They are all UAP-AC-Lite Access points, powered by a US-8-150W.

When I am onsite, my devices connect with no problem, signal strength is good too. But they constantly are having issues, and I am getting desperate for help. An important thing to note is that there was NO connectivity issues before we reconfigured the access points.

Here is what I have tried:

Removing/re-configuring all the wifi networks.
Manually set the 2.4G channels to either 1, 6, or 11, hoping they wouldn't interfere.
Daily reboots of APs
Configure DTIM to 3/3
We are going to upgrade the DHCP server to Server 2016 or 2019.
1. DHCP service failover or HA
2. Multiple vLAN via core switches

Any ideas which version should we use? Any new features on server 2019 on DHCP service?
Thank you.
Existing Environment:
A Cisco Switch worked as DHCP replay, Two DHCP servers for failover. (2003 or 2008)
We delivered MMD handoff instead of Electrical to customer and they think we should bring media converter, their end device is Cisco 6509E. Does this device have optical ports for connections?
I would like to setup multiple VLAN's but not quite sure how to get VLAN 4 working.

Scenario is as follows:

1. - VLAN ID:1 - This will be used for clients that are connected to Ports 1-18, 20-52 on the HP-2530-48G Switch
2. - VLAN ID:4 - This will be used for a single PC that will be connected to Port 19 on the HP-2530-48G Switch
3. I currently have a Windows Server 2016 DHCP setup already (on IP Address: for the VLAN ID:1 but dont have anything setup for VLAN 4
4. VLAN's have been configured on the HP-2530-48G Switch (See screenshot for more details)
5. Cisco Router is configured as the Gateway and is on

HP 2530 Switch
Equipment I have is the following:

1. HP 2530-48G Switch
2. Cisco ASA-5506
3. Cisco 4000 Series Router

Questions are as follows:

1. I want to be able to setup a DHCP Scope for VLAN ID: 4 on the Windows Server 2016 DHCP Server so the PC (that is connected to port 19) is issued an IP Address of but when I setup a scope other users on VLAN ID: 1 are issued an IP Address from the DHCP Server Scope

What do i need to configure either on the switch, ASA or router so only the PC that is connected to port 19 on the switch is issued a 192.168.15.x IP Address?

2. Is it possible to lockdown the VLAN ID: 4 so it only has access to the internet and no access to internal resources on VLAN ID:1 ?
Hey there Experts!

I'm running into a frustrating issues with being unable to update DHCP DNS server on CISCO ASA via SSH.
Logging into the ASA we're processing the following CLI CMDS:

ASA-Hostname: Enable
(successful authentication)
ASA-Hostname# dhcpd dns (dns server needed here)

Unfortuantely we're getting an error thrown at the d in the dhcpd command.
I apologize if this is too simple of a question. I tend to avoid Cisco like the plague and maybe I'm missing a step here.
Researching online the DHCPD CMD seems to be the one that I'm needing.

Your help is appreciated!
I have a network which currently has the voice and data all on the same network space ( The DHCP server is a Draytek 3900 Series Firewall and the network switch is Catalyst 2960 L series.

I have access to the CLI on Cisco but have zero experience using the command line interface so ideally would be better if we can configure the network switch to allow me to access via a browser (if thats easier for configuring switch).

Any advice on how to achieve this would be appreciated.

Sycamore IT
We are adding optus phones network at our office, I need to open up two ports on firewall. i.e.

FTP(XMPP) Port (1081) is Closed

How can I add this rule under Meraki MX?

We have an Access database that runs ok on a Windows Server, but we have significant performance issues when attempting to use the database when working from home over our VPN via Cisco AnyConnect. Since we all have laptops, and bring them home when working from home, there is no PC in the office to use RDP.

How do people normally get good performance when running MS Access remotely if they aren't using RDP?
I'm trying to configure a rule in Cisco CES cloud platform the stops people masquerading as the CEO
for attempted Phishing. So on our previous FW we had if the mail has the sender as 'our ceo' but does not come from
our Domain, then drop. I can see where to configure this in the CES.
Hello Experts,

We are planning for a network infrastructure upgrade. It includes structured cabling and active systems.
The network is currently running Cat5e cables, patch panels and faceplate modules.
Cisco Catalyst 3560 is deployed at edge and 6506 at Core.
We want to upgrade the infrastructure to Cat6a structured cabling, Fiber cabling supporting 10g and Cisco Switches with  SD-Access.
Therefore, we are looking for tips and suggestions to start preparing the plan.
I am visiting a client tomorrow (50 WAPs, 5 Switches) to assist them in their wireless dropout issues.
They have cordless wireless phones which were on 2ghz, they upgraded it 5ghz, it didnt resolve the issue.
They have meraki switches and waps, and cisco asa.
Meraki waps they are using are MR 42;

I have worked on Meraki SWs and WAPs but never had any issues with them.
Should i start with disabling SSIDs and enable one by one?
Which tools / apps i can install on my computer to diagnose an issue like this?
Hi, I'm looking for an OpenVPN client for Mac books in order to connect to a Cisco RV320.  The OpenVPN website states to download the client from the OpenVPN server, but I don't have a server as my client is using the Cisco RV320 with the OpenVPN setup.  Windows clients function well with the OpenVPN client.
Does anyone have a suggestion?
I am looking to develop an automation tool that can assist a NOC operation with WAN outage recovery without technician interaction. The automation tool will run in the lan environment (with no external access) and interact directly with the WAN interface. Please note this tool will not interact with any third party devices outside of the WAN environment. The test environment has Cisco Routers/Switches and uses Spectrum Monitoring.  Looking for suggestions on use cases and example event flow to develop on.
Cisco Anyconnect question..

Hello experts,

We have about two years ago we purchased Cisco Anyconnect licenses, it was for version 3.x. I don't really remember why we didn't get version 4 (perhaps 3 was the up-to-date version back then). Anyhow, when I log in to the cisco portal i see that I can't download anyconnect v 4.x, I assume it's an entitlement thing. My question is this: we have another site that purchased anyconnect v4, if they give me the package files can i just upload them to my ASA or the ssl licenses are tied to a specific version?

thanks in advanced..
I have Cisco SPA303 IP phones that I am trying to get connected to a cloud provider. I can only connect to the cloud provider when I connect the phone to my laptop and use network sharing.

If I try to connect thru the local network  the phone boot up stalls and gives a message "checking DNS".

What doI need to configure on the router to get the phones to work?
Using CLI plz






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).