Cisco Network Security Troubleshooting Handbook
- By Mynul Hoda
- Published Nov 11, 2005 by Cisco Press.
- Copyright 2006
- Dimensions: 7-3/8" x 9-1/8"
- Edition: 1st
- eBook
- ISBN-10: 1-58705-443-4
- ISBN-13: 978-1-58705-443-3
Identify, analyze, and resolve current and potential network security problems
- Learn diagnostic commands, common problems and resolutions, best practices, and case studies covering a wide array of Cisco network security troubleshooting scenarios and products
- Refer to common problems and resolutions in each chapter to identify and solve chronic issues or expedite escalation of problems to the Cisco TAC/HTTS
- Flip directly to the techniques you need by following the modular chapter organization
- Isolate the components of a complex network problem in sequence
- Master the troubleshooting techniques used by TAC/HTTS security support engineers to isolate problems and resolve them on all four security domains: IDS/IPS, AAA, VPNs, and firewalls
With the myriad Cisco® security products available today, you need access to a comprehensive source of defensive troubleshooting strategies to protect your enterprise network. Cisco Network Security Troubleshooting Handbook can single-handedly help you analyze current and potential network security problems and identify viable solutions, detailing each step until you reach the best resolution.
Through its modular design, the book allows you to move between chapters and sections to find just the information you need. Chapters open with an in-depth architectural look at numerous popular Cisco security products and their packet flows, while also discussing potential third-party compatibility issues. By following the presentation of troubleshooting techniques and tips, you can observe and analyze problems through the eyes of an experienced Cisco TAC or High-Touch Technical Support (HTTS) engineer or determine how to escalate your case to a TAC/HTTS engineer.
Part I starts with a solid overview of troubleshooting tools and methodologies. In Part II, the author explains the features of Cisco ASA and Cisco PIX® version 7.0 security platforms, Firewall Services Module (FWSM), and Cisco IOS® firewalls. Part III covers troubleshooting IPsec Virtual Private Networks (IPsec VPN) on Cisco IOS routers, Cisco PIX firewalls with embedded VPN functionalities, and the Cisco 3000 Concentrator. Troubleshooting tools and techniques on the Authentication, Authorization, and Accounting (AAA) framework are discussed thoroughly on routers, Cisco PIX firewalls, and Cisco VPN 3000 concentrators in Part IV. Part IV also covers troubleshooting Cisco Secure ACS on Windows, the server-side component of the AAA framework. IDS/IPS troubleshooting on IDS/IPS appliances, the IDSM-2 blade, and the NM-CIDS blade on Cisco IOS routers is covered in Part V. In Part VI, the author examines in greater detail the troubleshooting techniques for the VPN/Security Management Solution (VMS) tools used for managing products from all four security domains: IDS/IPS, AAA, VPNs, and firewalls.
Cisco Network Security Troubleshooting Handbook prepares you to troubleshoot your network’s security devices and presents step-by-step procedures for tackling issues that arise, so that you can protect your network.
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Table of Contents
Part I Troubleshooting Tools and Methodology
Chapter 1 Troubleshooting Methods
Proactive Actions for Handling Network Failure
Types of Failure
Problem-Solving Model
Step 1: Define the Problem
Step 2: Gather the Facts
Step 3: Consider Possible Problems
Step 4: Create an Action Plan
Step 5: Implement the Action Plan
Step 6: Observe Results
Step 7: Repeat if Necessary
Step 8: Document the Changes
Summary
Chapter 2 Understanding Troubleshooting Tools
Using Device Diagnostic Commands
show Commands
debug Commands
Test Commands
ping Command
traceroute Command
telnet Command
nslookup Command
Network Analyzers
Trivial File Transfer Protocol (TFTP) Server
FTP Server
Syslog Server
Audit and Attack Tools
Core Dump
Using TFTP
Using FTP
Using rcp
Using a Flash Disk
Additional Configuration
“Exception Memory” Command
debug sanity Command
Testing the Core Dump Setup
Part II Troubleshooting Cisco Secure Firewalls
Chapter 3 Troubleshooting Cisco Secure PIX Firewalls
Overview of PIX Firewall
PIX Packet Processing
File System Overview
Access-List
time-range Keyword
Enable/Disable
Outbound ACL
nat-control
Modular Policy Framework (MPF) Objective
Transparent Firewall
Diagnostic Commands and Tools
show Commands
show xlate [detail]
show connection [detail]
show local-host
show service-policy
show asp drop
show cpu usage
show traffic
show blocks
show output filters
show tech-support
Debug Commands
debug icmp trace
debug application_protocol
debug pix process
debug fixup tcp | udp
capture Command
Sniffer Capture
Syslog
Traceback/Crashinfo
Other Tools
Problem Areas Breakdown
Licensing Issues
Password Recovery Issue
Software Upgrade and Downgrade Issues
Standard Upgrade Procedure
Upgrade using ROM Monitor Mode
Downgrade Procedure
Upgrading PIX Firewall in a Failover Setup
Connection Issues Across PIX Firewall
Configuration Steps
Troubleshooting Steps
Transparent Firewall Issues
Configuration Steps
Troubleshooting Steps
Virtual Firewall
Security Context
How the Virtual Firewall Works
Limitations of Virtual Firewall
Configuration Steps
Troubleshooting Steps
Quality of Service (QoS) Issues
Policing
Low Latency Queuing (LLQ)
Troubleshooting Steps
Performance Issues
High CPU Utilization
High Memory Utilization
Large ACL
Reverse DNS & IDENT Protocol
Case Studies
Active/Standby Model
Active/Active Model
Hardware and License Requirements
System and User Failover Group
Initialization, Configuration Synchronization/Command Replication
Configuration Examples
Asymmetrical Routing Support
Troubleshooting Steps
Common Problems and Resolutions
Best Practices
Protecting the PIX Firewall Itself
Protecting Network Resources
Chapter 4 Troubleshooting Firewall Services Module
Overview of FWSM Firewall
FWSM Architecture
Control Plane (CP)
Network Processors (NP)
Packet Flows
Diagnostic Commands and Tools
show Commands
show Commands on the Switch
show Commands on the FWSM
Debug Commands
Sniffer on the FWSM
Syslog on the FWSM
Sniffer Capture
Analysis of Problem Areas
Licensing Issues
Hardware Issues
Firewall Module Administration Issues
Flash
Setting the Boot Device (Route Processor)
Maintenance Partition
Password Recovery Procedure
Upgrading a New Image
Upgrading Software Images
Connection Problems
Configuration Steps
Troubleshooting Steps
AAA Issues
Virtual and Transparent Firewall
High CPU Issues
Intermittent Packet Drops Issues
Failover Issues
Failover Operations
Configuration Steps
Troubleshooting Steps
Case Studies
Case Study 1: Multiple SVI for FWSM
Why Change the Existing Model?
Scenario One: DHCP Helper with FWSM 1.1(x)
Scenario Two: Alternate Configuration
Case Study 2: Understanding Access-List Memory Utilization
The Compilation Process: Active and Backup Trees
How Memory Is Allocated: Release 1.1(x) or 2.2(1) in Single Mode
How Memory Is Allocated: Release 2.2(1) in Multiple Mode
Trees and contexts: A Matter of Mapping
FWSM Release 2.3: The ACL Partition Manager
Examples of ACL Compilation
Access-lists: Best Practices
Common Problems and Resolutions
Best Practices
Chapter 5 Troubleshooting an IOS Firewall
Overview of IOS Firewall (CBAC)
Single Channel Protocol Inspection
UDP and CBAC
ICMP and CBAC
Application Layer Protocol (TCP-based) and CBAC
Multi-Channel Protocol Inspection
NAT/PAT and CBAC
Port Application Mapping (PAM) and CBAC
Denial of Service (DoS) Detection And Prevention
TCP Syn Flood and DoS Attack Launched by UDP
Fragmentation
Real-Time Alerts and Audit Trails
Interaction of CBAC with IPsec
Transparent Cisco IOS Firewall
Diagnostic Commands and Tools
show Commands
debug Commands
Syslog
Packet Capture (Sniffer Traces)
Categories of Problem Areas
Selection of Software for IOS Firewall Issues
Unable to Connect (Inbound and Outbound) across CBAC
Packet Failure to Reach the Router’s Incoming Interface
Misconfigured ACL
Misconfigured NAT and Routing
IP Inspection Applied In the Wrong Direction
UDP Inspection Is Not Configured
Return Traffic Might Not Be Coming Back to the Router
ICMP Traffic Is Not Inspected
There Is a Problem with Inspecting Single Channel Protocol
Required Multi-Channel Protocol is Not Inspected
IP URL Filtering Blocking The Connection
Redundancy or Asymmetric Routing Problems
Performance Issues
Timeouts for TCP, UDP, and DNS
Short Threshold Values for Half-open and New Connections
HTTP Inspection Dilemma
Switching Path
Large ACL
Reverse DNS and IDENT Protocols
Running Older Code
Intermittent Packet Drops
IP URL Filtering Is Not Working
Case Studies
How auth-proxy Works
Method of Authentication
Supported Platform
Configuration Steps
Troubleshooting auth-proxy
Common Problems and Resolutions
Best Practices
Basic Router Security
Anti-spoofing Configuration
Part III Troubleshooting Virtual Private Networks
Chapter 6 Troubleshooting IPsec VPNs on IOS Routers
Overview of IPsec Protocol
Encryption and Decryption
Symmetric Algorithms
Asymmetric Algorithms
Digital Signatures
Security Protocols
Authentication Header (AH)
Encapsulating Security Header (ESP)
Transport Mode
Tunnel Mode
Security Associations (SAs)
SA and Key Management with IKE Protocol
IKE Phase 1
Diagnostic Commands and Tools
show Commands
show Command for Phase I
show Commands for Phase II
show Commands for Interface Counters
show Command for Verifying IPsec Configuration
Commands for Tearing Down Tunnel
debug Commands
Analysis of Problem Areas
Basic LAN-to-LAN Troubleshooting
Successful LAN-to-LAN Tunnel Establishment Process
Tunnel Establishment Fails at Phase I
Tunnel Establishment Fails at Phase II
Tunnel Is Established but Unable To Pass Traffic
GRE over IPSec
Configuration Steps
Troubleshooting Steps
Public Key Infrastructure (PKI) Troubleshooting
Configuration Steps
Troubleshooting Steps
Remote Access Client VPN Connection
Configuration Steps
Troubleshooting Steps
Case Studies
DMVPN Architecture
Multipoint GRE Tunnel Interface (mGRE Interface)
Next Hop Resolution Protocol (NHRP)
Configuration Steps
Troubleshooting DMVPN
NHRP Mapping Problem
Crypto Socket Creation Problem
Crypto VPN problem
Passing Data Across an Established Tunnel Problem
Common Problems and Resolutions
NAT With IPsec Issues
NAT in the Tunnel End Points
NAT in the Middle
Firewall and IPsec Issues
Maximum Transmission Unit (MTU) Issues
Split Tunneling Issues
Best Practices
Stateful Failover
Stateless Failover
Loss of Connection Detection Mechanism
Stateless Failover Mechanism Options
Chapter 7 Troubleshooting IPsec VPN on PIX Firewalls
Overview of IPsec Protocol
Diagnostic Commands and Tools
show Commands
debug Commands
Categorization of Problem Areas
LAN-to-LAN Troubleshooting
Configuration Steps
Troubleshooting Steps
Remote Access VPN Troubleshooting
Configuration Steps
Troubleshooting Steps
Case Studies
Common Problems and Resolutions
NAT with IPsec Issues
NAT in the tunnel End Point
NAT Device In the Middle of Tunnel End Points
Firewall and IPsec
Maximum Transmission Unit (MTU) Issues
Split Tunneling Issues
Best Practices
Dead Peer Discovery (DPD)
Reverse Route Injection (RRI)
Stateful Failover For VPN Connections
Chapter 8 Troubleshooting IPsec VPNs on VPN 3000 Series Concentrators
Diagnostic Commands and Tools
Debug Tool
Monitoring Tool
Administer Sessions
Configuration Files
LED Indicators
Crash Dump File
VPN Client Log
Analysis of Problem Areas
LAN-to-LAN Tunnel Issues
Configuration Steps
Troubleshooting Steps
Remote Access VPN Connection
Configuration Steps
Troubleshooting Steps
Digital Certificate Issues
Digital Certificate on the VPN Client
Digital Certificate on the VPN Concentrator
Case Studies
Clientless SSL VPN
Configuration Steps for Basic SSL VPN Connection
Troubleshooting Steps for Basic SSL VPN Connection
Configuration Steps for Web Server Access
Troubleshooting Steps For Web Server Access
Configuration Steps for CIFS Access
Troubleshooting Steps for CIFS Access
Thin Client
Configuration Steps for Port Forwarding
Java Applet Debugging
Troubleshooting Steps for Port Forwarding
Configuration Steps for MAPI Proxy
Troubleshooting Steps for MAPI Proxy
Configuration Steps for E-mail Proxy
Troubleshooting Steps for E-mail Proxy
Thick Client (SSL VPN Client)
Configuration Steps for SSL VPN Client
Troubleshooting Steps for SSL VPN Client (SVC)
Common Problems and Resolutions
Best Practices
Redundancy Using VRRP
Redundancy and Load Sharing Using Clustering
Redundancy Using IPsec Backup Servers
Part IV Troubleshooting Network Access Control
Chapter 9 Troubleshooting AAA on IOS Routers
Overview of Authentication, Authorization, and Accounting (AAA)
AAA Architecture
AAA Communication Protocols
TACACS+
RADIUS
Difference between RADIUS and TACACS+
Diagnostic Commands and Tools
show Commands
debug Commands
Analysis of Problem Areas
Router Management Troubleshooting
Login Authentication
Configuration Steps
Troubleshooting Steps
Enable Password Authentication
Exec Authorization
Command Authorization
Accounting
Dialup Networking Troubleshooting
Authentication and Authorization for Dialup Networking
Accounting for Dialup Networking
X-Auth Troubleshooting for IPsec
Auth-proxy Troubleshooting
Case Studies
Router Configuration
LAC Configuration
RADIUS Server Configuration
LAC RADIUS Configuration
LNS RADIUS Configuration
Troubleshooting Steps
LAC Router Troubleshooting
LNS Router Troubleshooting
Common Problems and Resolutions
Best Practices
Chapter 10 Troubleshooting AAA on PIX Firewalls and FWSM
Overview of Authentication, Authorization, and Accounting (AAA)
Authentication
Authorization
Authorization for an Administrative Session
Authorization for VPN Connection (X-Auth)
Accounting
Diagnostic Commands and Tools
show Commands
debug Commands
Syslog
Other Useful Tools
Problem Areas Analysis
Firewall Management with AAA Troubleshooting
Login Authentication Issues
Enable Authentication
Command Authorization
Troubleshooting Steps
Accounting
Cut-Through Proxy Authentication
Authentication for Cut-Through Proxy
Troubleshooting Cut-Through Proxy Authentication
Authorization for Cut-Through Proxy
Accounting for Cut-Through Proxy
Extended Authentication (X-Auth) Issues for Remote Access
VPN Connection
Configuration Steps
Troubleshooting Techniques
Case Studies
Case Study 1: AAA Exemption
Case Study 2: Virtual Telnet
Configuring Virtual Telnet
Troubleshooting Virtual Telnet
Case Study 3: Virtual HTTP
Common Problems and Resolutions
Best Practices
Chapter 11 Troubleshooting AAA on the Switches
Overview of AAA
Switch Management
Identity-Based Network Services (IBNSs)
IEEE 802.1x Framework
Extensible Authentication Protocol (EAP)
RADIUS IN 802.1x
What Is Authenticated
Machine Authentication
Authorization
Accounting
Extension of IEEE 802.1x Standard by Cisco IBNS Initiative
Diagnostic Commands and Tools
Switch Management
Identity-Based Network Services (IBNSs)
Categorization of Problem Areas
Switch Management Troubleshooting
Login Authentication
Enable Password Authentication
Authorization
Accounting
Identity-Based Network Services (IBNSs)
Configuration Steps
Authorization
Troubleshooting Steps
Case Studies
Configuring Automatic Client Enrollment on AD and Installing a Machine Certificate on a Windows Client
Generating and Installing the CA Root Certificate on the ACS Server
Generating and Installing an ACS Server Certificate on the ACS Server
Common Problems and Resolutions
Best Practices
For Switch Management
For Identity-Based Network Services (IBNSs)
Chapter 12 Troubleshooting AAA on VPN 3000 Series Concentrator
AAA Implementation on the Concentrator
VPN Concentrator Management
Tunnel Group and User Authentication
Diagnostic Commands and Tools
Analysis of Problem Areas
VPN Concentrator Management Troubleshooting
Configuration Steps
Group/User Authentication (X-Auth) Troubleshooting
Both Group and User Authentication Are Performed Locally on the VPN 3000 Concentrator
Group Authentication Is Done Locally and No User Authentication Is Done
Group Authentication Is Done Locally on VPN 3000 Concentrator and User Authentication Is Done with RADIUS Server
Group Authentication Is Done with a RADIUS Server and User Authentication Is Done Locally
Both Group and User Authentications Are Performed with the RADIUS Server
User Is Locked to a Specific Group
Dynamic Filters on the VPN 3000 Concentrator
Configuration of Dynamic Filters on CiscoSecure ACS
Troubleshooting Steps
Case Studies
VPN 3000 Concentrator Configuration
Group Configuration on the VPN 3000 Concentrator
Defining the CS ACS RADIUS Server on VPN 3000 Concentrator
CS ACS Windows Configuration
AAA Client Definition for VPN 3000 Concentrator
Configuring the Unknown User Policy for Windows NT/2000 Domain Authentication
Testing the NT/RADIUS Password Expiration Feature
Common Problems and Resolutions
Best Practices
Chapter 13 Troubleshooting Cisco Secure ACS on Windows
Overview of CS ACS
CS ACS Architecture
The Life of an AAA Packet in CS ACS
Diagnostic Commands and Tools
Reports and Activity (Real-time Troubleshooting)
Radtest and Tactest
Package.cab File
Categorization of Problem Areas
Installation and Upgrade Issues
CS ACS on Windows Platform
CS ACS with Active Directory Integration
Configuration Steps
Troubleshooting Steps
CS ACS with Novell NDS Integration
Configuration Steps
Troubleshooting Steps
CS ACS with ACE Server (Secure ID [SDI]) Integration
Installation and Configuration Steps
Troubleshooting Steps
Replication Issues
Configuration
Troubleshooting Steps
Network Access Restrictions (NARs) Issues
Configuration Steps
Troubleshooting Steps
Downloadable ACL Issues
Downloading ACL per User Basis Using Filter-id
Using Cisco AV-Pair
Using Shared Profile Components
Troubleshooting Steps
Case Studies
Back Up and Restore the CS ACS Database
Creating a Dump Text File
User/NAS Import Options
Import User Information
Import NAS Information
Compact User Database
Export User and Group Information
Common Problems and Resolutions
Best Practices
Part V Troubleshooting Intrusion Prevention Systems
Chapter 14 Troubleshooting Cisco Intrusion Prevention System
Overview of IPS Sensor Software
IPS Deployment Architecture
IPS Software Building Blocks
MainApp
AnalysisEngine
CLI
Communication Protocols
Modes of Sensor Operation
Inline Mode
Inline Bypass Mode
Promiscuous Mode
Combined Modes
Hardware and Interfaces Supported
Diagnostic Commands and Tools
show Commands
show version
show configuration
show events
show statistics service
show interfaces
show tech-support
cidDump Script
tcpdump command
iplog
packet Command
Classification of Problem Areas
Initial Setup Issues
User Management Issues
Creation and Modification of User Profiles
Creating the Service Account
Software Installation and Upgrade Issues
Obtaining Sensor Software
IPS Software Image Naming Conventions
Installing or Re-imaging the IPS Appliances System Image
Disaster Recovery Plan
Upgrading Major/Minor Software or Service Pack/Signature Update
Upgrading to IPS 5.0
Licensing Issues
How Do I Know if I have A Valid License?
How to Procure The License Key From Cisco.com
Licensing the Sensor
Communication Issues
Basic Connectivity Issues
Connectivity Issues Between IPS Sensor and IPS MC or IDM
Connectivity Issues Between IPS Sensor and Security Monitor
Issues with Receiving Events on Monitoring Device
SensorApp Is Not Running
Physical Connectivity, SPAN, or VACL Port Issues
Unable to See Alerts
Blocking Issues
Types of Blocking
ACL or VACL Consideration on the Managed Devices
Supported Managed Devices and Versions
Proper Planning for Blocking
Master Blocking Sensor (MBS)
Configuration Steps for Blocking
Configuring Steps for the Master Blocking Sensor (MBS)
Troubleshooting Steps for Blocking
TCP Reset Issues
Inline IPS Issues
Configuration Steps
Troubleshooting Steps
Case Studies
Capturing IPS Traffic with a Hub
Capturing IPS Traffic with SPAN
SPAN Terminology
SPAN Traffic Types
SPAN on Catalyst 2900/3500XL
SPAN on Catalyst 2950, 3550 and 3750
SPAN on Catalyst 4000/6000 with Cat OS
SPAN on Catalyst 4000/6000 with Native IOS
Capturing IPS Traffic with Remote SPAN (RSPAN)
Hardware Requirements
Configuration Steps
Capturing IPS Traffic with VACL
Capturing IPS Traffic with RSPAN and VACL
Capturing IPS Traffic with MLS IP IDS
Common Problems and Their Resolution
Best Practices
Preventive Maintenance
Creation of Service Account
Back up a Good Configuration
Recommendation on Connecting Sensor to the Network
Recommendation on Connecting the Sniffing Interface of the Sensor to the Network
Rating IPS Sensor
Recommendation on Connecting Command and Control Interface
Recommendation on Settings of Signature on Sensor
Recommendation on Inline-Mode Deployment
Chapter 15 Troubleshooting IDSM-2 Blade on Switch
Overview of IDSM-2 Blade on the Switch
Software and Hardware Requirements
Slot Assignment on the Switch
Front Panel Indicator Lights and How to Use Them
Installing the IDSM-2 Blade on the Switch
Removing the IDSM-2 Blade from the Switch
Ports Supported on IDSM-2 Blade
Diagnostic Commands and Tools
show Commands in Both Modes
show Commands in CatOS
show Commands in Native IOS
Common Problems and Resolutions
Hardware Issues
IDSM-2 Hardware Issues on Native IOS
IDSM-2 HW Issue on CatOS
Communication Issues with IDSM-2 Command and Control Port
Configuration Steps
Troubleshooting Steps
Failing to Get Traffic from the Switch with Promiscuous Mode
Configuration Steps
Troubleshooting Steps
Issues with Inline Mode
Not Generating Events Issues
TCP Reset Issues
Case Study
How to Re-image the IDSM-2 with System Image
How to Upgrade the Maintenance Partition
How to Upgrade the Signature/Service Packs/Minor/Major Software Upgrade
How to Upgrade the IDSM-2 Blade from IDSM 4.x to 5.x
Common Problems and Resolutions
Best Practices
Chapter 16 Troubleshooting Cisco IDS Network Module (NM-CIDS)
Overview of NM-CIDS on the Router
Software and Hardware Requirements
Front Panel Indicator Lights and How to Use Them
Slot Assignment on the Router
Installing NM-CIDS Blade on the Router
Removing NM-CIDS Blade from the Router
Ports Supported on NM-CIDS
Diagnostic Commands and Tools
Common Problems and Resolutions
Hardware Issues
NM-CIDS Console Access Issues
Assigning IP Address to the IDS-Sensor Interface on the Router
Connecting to NM-CIDS
Disconnecting from NM-CIDS
Troubleshooting Console Access Issues
Communication Issues with NM-CIDS Command and Control Port
Issues with Not Receiving Traffic from the Router
Using the Sniffing Port
Configuration Steps
Troubleshooting Steps
Managing NM-CIDS from an IOS Router
Software Installation and Upgrade Issues
Case Studies
CEF Forwarding Path
IPS Insertion Points
Network Address Translation (NAT)
Encryption
Access List Check
IP Multicast, UDP Flooding, IP Broadcast
Generic Routing Encapsulation (GRE) Tunnels
Address Resolution Protocol (ARP) Packets
Packets Dropped by the IOS
Forwarding the Packets to the IDS at a Rate Higher Than the Internal Interface Can Handle
Common Problems and Resolutions
Re-imaging the NM-CIDS Application Partition
Performing the Re-image of Application Partition
Troubleshooting Steps
Configuring Time on the NM-CIDS
Default Behavior for Time Setting on NM-CIDS
Using Network Time Protocol (NTP) Server
Best Practices
Chapter 17 Troubleshooting CiscoWorks Common Services
Overview of CiscoWorks Common Services
Communication Architecture
User Management on CiscoWorks Common Services
Diagnostic Commands and Tools
How to Collect mdcsupport on a Windows Platform
Categorization and Explanation of MDCSupport-Created Log Files
Categorization of Problem Areas
Licensing Issues
Registration for CiscoWorks Common Services
Installing/Upgrading the License Key for CiscoWorks Common Services
Registration for the Management Center for Cisco Security Agents (CSA MC)
Installing the License Key for the Management Center for Cisco Security Agents (CSA MC)
Common Licensing Issues and Work-Arounds
Installation Issues
Installation Steps
Troubleshooting Installation Problems
User Management Issues
Database Management Issues
CiscoWorks Common Services Backup
CiscoWorks Common Services Restore
Case Studies
Common Problems and Resolutions
Best Practices
Chapter 18 Troubleshooting IDM and IDS/IPS Management Console (IDS/IPS MC)
Overview of IDM and IDS/IPS Management Console (IDS/IPS MC)
IDS/IPS MC and Security Monitor Processes
Communication Architecture
Diagnostic Commands and Tools
Audit Reports
MDCSupport File
How to Collect MDCSupport on a Windows Platform
What to Look for and What Is Important in the MDCSupport File
Enable Additional Debugging on IDS/IPS MC
Analysis of Problem Areas
Important Procedures and Techniques
Verifying Allowed Hosts on the Sensor
Adding Allowed Hosts on the Sensor
Verifying the SSH and SSL Connection Between IDS/IPS MC and a Sensor
Resolving SSH and SSL Connection Problems Between IDS/IPS MC and a Sensor
Verifying If the Sensor Processes Are Running
Verifying That the Service Pack or Signature Level Sensor Is Running
Verifying the Service Pack or Signature Level on IDS/IPS MC
Verifying That the IDS/IPS MC (Apache) Certificate Is Valid
Regenerating IDS/IPS MC (Apache) Certificate
Resolving Issues with the IDS/IPS Sensor Being Unable to Get the Certificate
Changing the VMS Server IP Address
Manually Updating the Signature Level on the Sensor
Unable to Access the Sensor Using IDM
IDS/IPS MC Installation and Upgrade Issues
IDS/IPS MC Licensing Issues
Corrupted License
Determining If a License Is Expired
Importing Sensor Issues with IDS/IPS MC
Configuration Steps
Troubleshooting Steps
Signature or Service Pack Upgrade Issues with IDS/IPS MC
Upgrade Procedure
Troubleshooting Steps
Configuration Deployment Issues with IDS/IPS MC
Configuration Steps
Troubleshooting Steps
Database Maintenance (Pruning) Issues
Case Study
Launch the Attack and Blocking
Troubleshooting Steps
Common Problems and Resolutions
Best Practices
Chapter 19 Troubleshooting Firewall MC
Overview of Firewall MC
Firewall MC Processes
Communication Architecture
Diagnostic Commands and Tools
Collecting the Debug Information (Diagnostics)
Using GUI
Using CLI
What Does the CiscoWorks MDCSupport Utility Generate?
Other Useful Log Files Not Collected by mdcsupport
Analysis of Problem Areas
Installation Issues
Installation Verifications
Installation Troubleshooting
Initialization Issues
Browser Issues
Authentication Issues
Firewall MC Authenticated by the Firewall During Configuration Import and Deployment
Firewall MC Authenticated by the Auto Update Server During Configuration Deployment
Firewalls Authenticated by the Auto Update Server During Configuration or Image Pulling
Activity and Job Management Issues
Unlocking of an Activity
Stopping a Job from Being Deployed
Device Import Issues
Configuration Generation and Deployment Issues
Firewall MC is Unable To Push the Configuration to the AUS
Getting “Incomplete Auto Update Server contact info.” Message when Pushing the Configuration to AUS
Memory Issues with Firewall Services Module (FWSM) during Deployment
Database Management Issues
Backing up and Restoring Databases
Scheduling Checkpoint Events for the Database
Compacting a Database for Performance Improvement
Disaster Recovery Plan
Common Problems and Resolutions
Best Practices
Chapter 20 Troubleshooting Router MC
Overview of Router MC
Router MC Processes
Communication Architecture
Features Introduced on Different Versions of Router MC
Diagnostic Commands and Tools
Setting the Logging Level
Collecting the Debug Information (Diagnostics)
Using a Graphic User Interface
Using a Command Line Interface
Collecting the Router MC Database
Using the Log Files
Reports
Analysis of Problem Areas
Installation and Upgrade Issues
Initialization Issues
Browser Issues
Authentication Issues
Authentication Issues with the Router MC
Authentication Issues with the Managed Device Using SSH
Activity and Job Management Issues
Device Import Issues
Configuration Generation and Deployment Issues
Database Management Issues
Backing up and Restoring Database
Troubleshooting Router MC Backup/Restore Operations
Case Study
Understanding User Permissions
CiscoWorks Server Roles and Router MC Permissions
ACS Roles and Router MC Permissions
Setting up Router MC to Work with ACS
Step 1: Define the Router MC Server in ACS
Step 2: Define the Login Module in CiscoWorks as TACACS+
Step 3: Synchronize CiscoWorks Common Services with the ACS Server Configuration
Step 4: Define Usernames, Device Groups, And User Groups in ACS
Best Practices
Chapter 21 Troubleshooting Cisco Security Agent Management Console (CSA MC) and CSA Agent
Overview of CSA MC and Agent
Management Model for CSAgent
CSA MC Directory Structure
Communication Architecture
How Cisco Security Agents Protect Against Attacks
Diagnostic Commands and Tools
CSA MC Log
Windows System Information
Server Selftest Information
CSA MC Log Directory
CSA Agent Log
CSA Agent Log Directory
Turning on Debug Mode
Details Log—csainfo.log file
Logs for Blue Screen
Rtrformat Utility
Additional Logs Controlled by the Sysvars.cf file
Categorization of Problem Areas
Installation and Upgrade Issues
New Installation Issues with CSA MC
New Installation Issues with CSAgent
Upgrade Issues with CSA MC
CSAgent Update Issues
Licensing Issues
How to Procure the License
How to Import the License
Determining the Number of Desktop/Server Licenses That Are in Use
Troubleshooting Licensing Issues
CSA MC Launching Issues
CSA MC Not Launching
CSA MC Is Launching, but Slowly
CSAgent Communication, Registration, and Polling Issues with CSA MC
Application Issues with CSAgent
How to Create Exceptions
How to Disable Individual CSAgent Shims
Disabling csauser.dll
Creating Buffer Overflow Exclusions
Troubleshooting Steps
Report Generation Issues
Profiler Issues
Database Maintenance Issues
Disaster Recovery Plan (DRP) for CSA MC
Purging Events from the Database
Compacting the Database
Checking and Repairing the CSA MC MSDE Database
Common Problems and Resolutions
Best Practices
Recommendation on Installation
Test Mode
Disaster Recovery for CSA
Chapter 22 Troubleshooting IEV and Security Monitors
Overview of IEV and Security Monitor
Communication Architecture
How Does It Work?
RDEP/SDEE Collector Management
XML Parsing
Alert Inserter
IDS/IPS MC and Security Monitor Processes
User Management for Security Monitor
Diagnostic Commands and Tools
Categorization of Problem Areas
Installation Issues
Issues with Launching
DNS Issues
Issues with Enabling SSL
Getting Internal Server Error While Opening Security Monitor
Security Monitor Takes a Long Time to Launch
Page Cannot Be Found Error While Trying to Launch Security Monitor
IDS/IPS MC Launches But Security Monitor Does Not
Security Monitor Behaves Strangely
Licensing Issues
Device Management Issues
Importing IDS Sensors from IDS/IPS MC
Adding Other Devices
IEV and Security Monitor Connect with Sensor
Notification Issues
Event Viewer Issues
Launching the Event Viewer
Using the Event Viewer
Generating Events for Test
Troubleshooting Steps
Report Generation Issues
Report Generation Fails
Report Fails to Complete
Database Maintenance Issues
Proactive Measures Immediately After Installing the Security Monitor
Reactive Measures During Run Time
Case Study
Configuration Steps
Troubleshoot E-mail Notification
Common Problems and Resolutions
Best Practices