Tried to migrate ACS 5.8 to ISE 3.0 but I was getting following message: “The server selected protocol version TLS10 is not accepted by client preferences [TLS12]”.
Since TLS 1.0 is disabled by default I had to enable it in java control panel (Oracle java 1.8) and also edit file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security, remove TLSv1 from option jdk.tls.disabledAlgorithms and finally restart the migration application.
You can do the same in linux environment for openjdk by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
Tnx to stackoverflow
ssh to device, and connect to fxos
FTD> connect fxos
FXOS# scope chassis 1
FXOS/ chassis# show chassis inventory expand
Create bash script:
#!/bin/bash
wget -q https://talosintelligence.com/documents/ip-blacklist
ipblack=( $(cut -d ';' -f2 ip-blacklist ) )
echo "conf t"
for ip in "${ipblack[@]}"
do
echo "name $ip TALOS_BLACKLIST_$ip"
done
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"
do
echo "network-object host $ip"
done
echo "!"
echo "exit"Run it, copy-paste output to your ASA:
./talos-ipblacklist.sh > talos-blacklist.cfg
ASA(config)# management-access mgmt_interface
ASA(config)# nat (outside,mmgt_interface) source static RAVPN_POOL RAVPN_POOL destination static ASA_MGMT_IP ASA_MGMT_IP no-proxy-arp route-lookup
ASA(config)# ssh RAVPN_POOL management
show repository <repository name> | i <repository name>
acs restore <backup name> repository <repository name>
show application status acs
Start -> RUN -> osk
You’ll get on screen keyboard and now you can press CTRL + ALT + DEL to change your password.
I upgraded ubuntu to focal 20.04 and SSH was unable to negotiate with network devices I tried to ssh on.
Solution was found here, or simpy editing /etc/ssh/ssh_conf by adding following lines to the end of the file:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-rsa,ssh-dss
I had some problems while downgrading so here are my steps.
Documentation is not really clear about this, so here are the steps.