Cisco RMA steps

open case 

request RMA

enter serial

chat now

Can I request RMA for this serial number : xxxxxxx

creates a RMA ticket

address needs to have customer name (your address / eircode)

or ship the RMA to the customer site

export user cert from windows cert store

Open MMC 

Add certs snap-in

user account and computer store

Check certificates > personal

exported the user cert from user store (use PKCS12 or DER base-64 encoded)

imported user cert into machine

switch aaa and radius authentication settings for duo etc

 aaa group server radius DUO-AUTH

aaa authentication login default group DUO-AUTH local

aaa authentication login CON-LOCAL local

aaa group server radius DUO-AUTH

 server name DUO-AUTH-PROXY

 ip radius source-interface Vlan2

radius server DUO-AUTH-PROXY

 address ipv4 192.168.1.1 auth-port 18122 acct-port 18122

 pac key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

find what DH group an ikev1 S2S VPN is using in ASA

Move away from Groups 2, 5, 24. 

DH Groups 2, 5, 24 are considered insecure and are deprecated in FTD’s running 6.5/6.6 and will be removed in a later version.

check 6.7 and 7.1 release notes and search for group 5

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/vpn-s2s.html? 

IKEv1

show vpn-sessiondb detail l2l filter ipaddress x.x.x.x

Look for "D/H Group" in IKEv1 section

sh crypto isakmp sa detail | i Grp:

sh crypto isakmp sa | i PFS Group 2,

Looking for groups 2 and 5

 sh crypto isakmp sa detail | i Grp:2,

 sh crypto isakmp sa detail | i Grp:5,

Can copy the full output of " sh crypto isakmp sa detail" to a text file and search

QoS palo alto

Make QoS policies

Policies > QoS

Assign policies to a profile:

Network > Network Profiles > QoS Profile

Assign a profile to interfaces

Network > QoS

why speed test results are usually lower than advertised speed

Overhead

• Your internet speed is measured in raw bits per second (bps), but real-world data transfer includes additional information like headers, acknowledgments, and error checking.

• TCP/IP, Ethernet, and other protocols add packet overhead, meaning some portion of the bandwidth is used for network management rather than your actual data.
• This overhead typically accounts for 5-15% of the total bandwidth, which explains why you rarely see a full 1 Gbps in speed tests.

Speed test client and server

The speed test server’s capacity can impact results. Some servers may be congested or unable to fully utilize your bandwidth.

The distance between you and the test server affects latency, which can slightly reduce speeds.

The speed test client needs to have a good NIC (intel if possible) and good spec (RAM and CPU) because it needs to make many connections to test the connection. For example if you test with a 100mbps NIC that is the max speed you can see. You need a 1gig NIC or better to test a 1gig connection.

ISP and firewall/network management and contention

• ISPs often use network shaping, congestion control, and peering agreements that affect speed.
• During peak times, ISPs may limit speeds slightly to ensure fair distribution of bandwidth among users.
• Your internal network/firewall may do the same
• Its best to test out of hours with just your test laptop plugged into the internet connection to give the best results

check a DNS TXT record

 

https://mxtoolbox.com/SuperTool.aspx?action=txt%3a%40.dlrcoco.ie&run=toolpage#

nslookup -type=TXT mail._domainkey.domain.com

dig TXT domain.com +short

Powershell

Resolve-DnsName -Type TXT domain.com