





Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

So unfortunately because of the situation at hand I have been furloughed and am already going stir crazy. I've decided to try to switch my focus from Microsoft to Cisco. I was wondering since I am at home right now if anyone could recommend some good online courses I can start off with to look at a CCNA. I need to keep myself going and would like to cert track as much as possible to spend some time. I don't know if this can be done sitting at home and learning without a firewall or router but I figured I would ask if anyone has tried this and had success. If it's too much trouble that's fine, I am just looking to expand my learning.

The other possibility would be to try and look at Microsoft server 2019 or 2016 MCSE.   I am thinking it may be easier doing that.   Again this would have to be done from home so I would need some good tools.   Not sure if reading a book will work I will probably need access to virtual environments.    As always the assistance is appreciated.   I am hoping this furlough only lasts a month or so.  

Thanks in advance.
I am testing a  Meraki for spoke site VPN. Most of these sites are very small - 10 - 20 people.
Does it help anything to have a separate WiFi vlan/subnet apart from the wired vlan/subnet?
With one /24 they'll have more than enough addresses.

Thoughts appreciated.
Hi Guys,
I configured LACP on 2 Gigabit ports on a Cisco SG300.
When LACP is created it automatically puts one port in Active Member and one in Standby Member.
I can't change both ports to be Active Member.
Why? Isn't LACP 1:1 Redundancy an optional feature?

With everyone working from home I have enabled Jabber profiles and now I am getting a licensing error.

However, if I look at the users it says I am entitled to 2 enhanced level devices. The users all have 2 enhanced, they have CSF devices and also either a TCT or BOT Device.

Can anyone tell me what I am missing? When I look at my US Cluster I am not getting this licensing error.


I have a Cisco FTD 1010 and am trying to build a site to site vpn.  I can get the vpn tunnel up, but am unable to pass traffic over the VPN tunnel.
I have a Cisco FTD 1010 configured with a site-to-site VPN.  I can get the tunnel to come up, but cannot seem to pass any traffic over the tunnel.
New to MacBook.  I have a user we just hired into the company who requested a Mac, and we are a Windows shop.  I've been successful with installing some of our apps into it, but having a challenge with 2 things:

1) Cannot get it to join our domain

2) Cannot get Cisco AnyConnect to open after installing it successfully

If anyone can help me with one or both of these items, it would be much appreciated.

With the domain join, it keeps giving me an error 5502 and says the join failed.  

With the Cisco VPN, it tells me "No components loaded" and then won't open.  On a Windows PC, it opens a config screen and lets me configure the connection - Mac does not do this at all. This is a brand new MacBook Pro, btw.  

Thanks for your help.
Hi, I noticed a couple of errors about vMotion events on my VMware ESXi Cluster (mostly 6.7, two hosts have 6.0).
Apparently, two VMs weren't able to migrate due to "the vMotion failed because the destination host did not receive any data from the source host on the vMotion network".
I checked all ports of my host in the vMotion VLAN, and they are up and running on Cisco switches.
It seems that just ONE host isn't able to vmkping other hosts on vMotion VLAN.
I confirm that the affected host HAS its IP address, and it is able to vmkping itself.
From other hosts, I have no arp for this host (checked with esxcli network ip  neighbor list | grep IP_OF_ISOLATED_HOST).

How can I troubleshoot this?
Thank you!
A limit of four simultaneous VPN connections was reported by my client.  I found they had overlooked the need to renew licensing for AnyConnect.  The license key must be applied to the Cisco ASA 5505 and I have priv. level 15 credentials but cannot physically get to the server room due to the quarantine.  I can connect to a local management PC via RDP and utilize ASDM successfully.
Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)
Question 1:  Aside from using a console cable, what other methods may I utilize to install the AnyConnect license on the ASA? My searches have all led back to VPN implementation instruction and the console cable method regardless of my attempts to make these results an ill fit through variations of the question.  I am grateful for any enlightenment.
Does anyone have any experience with pushing the server paths to the Cisco Anyconnect client? We are moving our gateways around and I cannot find anything online regarding Cisco admx files or the settings that I'm looking for.

Many thanks!
Does anyone by chance have a step by step install documentation created for a Cisco ASA 5508 for anyconnect?  We had a firewall die and installed this one as new.   They were IPSEC now on SSL.  We need to deploy anyconnect to everyone and just need to tweak the document to fit our clients config.  Any help would be greatly appreciated.   No one can tunnel in without setting this up.   This is pretty high priority.

I have two Cisco 6807-XL switches each one have dual SUP2T. I am trying to build VSS between them. Any help with configuration will be appreciated. The connection will be like below
Mobile VPN to Cisco ASA 55xx-
I was not a Cisco user until recently and I have a question that I think a Cisco admin can answer - where do I configure the policies for accessing local LAN resources via a mobile device connected to the ASA 55xx VPN?  Any help would be greatly appreciated.  Thanks!
We have two Cisco 4500's running IOS 3.06 and using VSS. On one of the interfaces of the port channel that connects to our Core switch, we are seeing a high output drop rate. The switch hosts 95% of our VMware Server and VDI environment. Cisco support stated the drops are most likely caused by one of the interfaces getting overwhelmed. The Load Balancing policy is set to Source IP, and support suggested we change it. Which is the best LB policy to use?
I am looking for Anyconnect 4.8+ version for Mac. Catalina is making my life miserable. I understand if I had a CISCO SmartNet this wouldn't be a question but anyone know anywhere else to obtain? ***insert laughing here
Hi, I have a Cisco RV340. I enabled the PPTP server like I have with the old RV042's, set up the users and passwords, and from the client I get the following error.

The remote connection was denied because the user name and password combination you provided is not recognized or the selected authentication protocol is not permitted on the remote access server

I have checked MSChap v2 and all.

Thanks all.
Cisco Router   - importing config from a txt file.

I have a brand new Cisco router that I need to configure. I have the config in a txt file. I have a laptop with putty and I'm connected to the router via the console.

I'm in conf t mode.

Can someone explain how I get the config to the router?
Running into an issue where there are perhaps 100 hosts all trying to ping HSRP address for keepalives for active directory. Is there a way to determine if the switch is being overwhelmed with ping requests? What would I be looking for?
How do I set up a user so they can connect using SSH to a firewall? I can do it but I don't know how to assign that person permissions.  The firewall is a Cisco ASA 5525.
Hi peoples - my scenario is this: I want to set up my router to forward RDP traffic across my router to my server.
1. All incoming traffic from ISP going to G 0/0.
2. Want RDP traffic from 10.1.x.x: 3389 to be forwarded to the server.

What commands would I have to set up on the router to achieve this?

Thanks in advance for any help!!
I have been trying to SSH to my ASA 5525 and get a list of users that are currently connected to Remote Access VPN.  I run show vpn-sessiondb remote and I get an error that states, "Info: There are presently no active sessions of the type specified".  According to ASDM Monitoring > VPN > VPN Statistics > Sessions it shows that I have a number of Active sessions.  This makes sense because I have one of them.  

Any ideas?
When I add a new blade to a UCS chassis the server profile from a template has it create six vNICs - two for mgt, two for iSCSI, two for data. They are numbered 0 through 5. And so it is also on the VMware side where VMNICs are numbered 0 to 5. But the last time I turned the newly registered server over to the VMware admins the VMNICs 0 through 5 had the MAC addresses all jumbled up. What was 1 in UCS might be 4 in VMware, 2 might align with 3 and so on. My question is - what mechanism determines which NIC as defined by its MAC address is associated with what sequence number in VMware? Is it just a matter of how the VMW engineer selects the NICs for attachment to the VM? Do they all come in at once and VMW just decides the sequence number of each? Inquiring minds want to know!

I think I have Cisco FirePOWER User Agent for the FirePOWER Management Consoles set up correctly.  Now I can see users' names.  But, I want to see which URLs a user has been to.  How can I do that?
Hi all,

We have a Squid proxy server on Ubuntu 16.04 in our company and use a Cisco ASA to redirect the Internet traffic through a WCCP tunnel. We planned to upgrade the Ubuntu to 18.04 recently.

I set up the new proxy server on Ubuntu 18.04 in a test environment, but the WCCP didn't work.

Here are the configurations and some troubleshooting steps I have taken:

### Squid config
acl localnet src  # RFC 1122 "this" network (LAN)
acl localnet src             # RFC 1918 local private network (LAN)
acl localnet src          # RFC 6598 shared address space (CGN)
acl localnet src         # RFC 3927 link-local (directly plugged) machines
acl localnet src          # RFC 1918 local private network (LAN)
acl localnet src         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # …
I was hoping that you can point me in the right direction, and provide some instructions on how to complete switch port mapping.
I would like to discover MAC and possibly IP addresses of all devices connected, and match each with a specific switch port.

- Cisco SNMP configuration
- Recommended network tool (paid version is fine)

We are dealing with multiple Cisco network switches, mostly SG-500s and SG-250s.
Simple flat network for now, two VLANs default and voice.

Please let me know, your help is much appreciated.

Thank you,





