Posts

Showing posts from January, 2018

Stop ISE Admin Account Becoming Disabled

In this article, I want to point out something that could save you time in the future and potentially save you a TAC case.

Note: This article is perfect for environments where you wish to keep the same password for local user accounts.

The Cisco Identity Services Engine (ISE) comes packed with many good features, some of which include handy default security features for local user accounts, and in this article I will touch on one of those features. By default, Cisco ISE will disable local user accounts after 60 days if the account passwords haven't been changed. This behaviour can be changed within ISE, but if you choose not to change this setting and you surpass the 60 days, all user accounts will need to be re-enabled every 24 hours. Luckily, ISE will allow you to disable this setting without having to change all the passwords for the local users. To do this, follow the steps below.

Log into ISE using the GUI
Navigate to Administration >>> Identity Management >>> Ide

ICMP Redirects

Today I wanted to share my CCIE Security notes on ICMP redirect messages. ICMP redirection is used to notify hosts that a better route is available for packets destined for a specific destination. This feature is available and enabled by default on all Cisco IOS releases, but it is worth mentioning that there may be cases when ICMP redirection is disabled.

Before diving into the details, it is important to note that ICMP redirection is disabled on interfaces that are running HSRP; this is the case for devices running pre-IOS 12.1(3) code. Cisco devices running post-12.1(3) code can still send ICMP redirect messages when HSRP is enabled on an interface.

Certain conditions need to be met in order for ICMP redirection to occur. These are as follows:

The router interface on which the packet arrives must be the same interface that the packet is re-routed out of; we will discuss this further later in this post
The packet is not source-routed, by this we mean the sender has not specified the

Configure the Cisco ASAv To Use Virtual Serial Ports

In this article, I will demonstrate how to configure the ASAv so that you can use a virtual serial port. This article assumes that you have installed the virtual Cisco Adaptive Security Appliance using VMware Workstation or its equivalent and that you can only access the ASAv CLI via the VMware client. By default, the virtual serial console on the ASAv is disabled; a few commands are required to enable it.

Use Case

At present, I only have access to the ASAv CLI using VMware Fusion, but I want to use my computer's terminal software to access the CLI for use with GNS3. The following steps assume you have already installed the ASAv.

Steps

Power on the ASAv and access the CLI via VMware Workstation or its equivalent
Enter the following commands on the ASAv
enable
configure terminal
cd coredumpinfo
copy coredump.cfg disk0:/use_ttyS0 – This will enable the serial console once saved to disk0:/
Now shut down the ASAv and upon reloading the ASAv will now send its output to the seria