Cisco Network Security Troubleshooting Handbook

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X]

capture command

capturing

     debug command output

     IPS traffic

         on hub

         on MPLS IP IDS

         on RSPAN

         on SPAN

         on VACL

     packets on FWSM

     sniffer traces

"cascade" replication

case studies

     Hairpinning, configuring

     PEAP configuration 2nd

     RADIUS configuration on Cisco IOS routers

     troubleshooting VPDN on Cisco IOS routers

     user permissions on Router MC

         ACS roles 2nd

         CiscoWorks Server roles

     VPDN configuration on Cisco IOS routers

Catalyst 2900/3500XL switches, configuring IPS traffic capture with SPAN

Catalyst 2900/3600XL switches, configuring SPAN

Catalyst 2950 switches, configuring IPS traffic capture with SPAN

Catalyst 2950/3550 and 3750 switches, configuring SPAN

Catalyst 3550 switches, configuring IPS traffic capture with SPAN

Catalyst 3750 switches, configuring IPS traffic capture with SPAN

Catalyst 4000/6000 switches running CatOS, configuring SPAN

Catalyst 4000/6000 switches running Native IOS, configuring SPAN

Catalyst 6500, IDSM-2 blade

     Command and Control port, configuring

     event generation, troubleshooting

     front panel indicator lights

     hardware issues on CatOS, troubleshooting

     hardware issues on Native IOS, troubleshooting

     hardware requirements

     installing

     Maintenance Partition, upgrading

     Promiscuous mode

         configuring

         troubleshooting

     re-imaging

     removing from switch

     serial cable, connecting

     signature update, installing

     slot assignment

     sniffing ports

     supported ports

     TCP reset

     upgrading to version 5.x

     user passwords, recovering

     VACL Capture

     versus IDS Appliance

categorizing CS ACS problem areas

CatOS, Native IOS show commands

CBAC (Context-Based Access Control)

     Active FTP connections, handling

     anti-spoofing configuration, best practices

     asymmetric routing, troubleshooting

     Cisco IOS code base, upgrading

     connection states

     connectivity, troubleshooting

     CPU utilization, verifying

     FAQs

     half-open connections, manipulating threshold values

     HTTP inspection, verifying dropped packets

     interaction with IPsec

     interoperability with NAT

     IP fragmentation, mitigating

     Java blocking, configuring

     misconfigured ACLs, troubleshooting

     misconfigured IP inspection, troubleshooting

     misconfigured NAT, troubleshooting

     multi-channel protocols

         inspecting 2nd

         securing

     packet drops, troubleshooting

     packet flow across routers

     performance, troubleshooting

     protecting inside network

     router security configuration, best practices

     single channel protocol inspection

         application-layer protocols

         ICMP

         SMTP

         UDP

     switching path, troubleshooting performance issues

     TCP SYN flood attacks, mitigating

     troubleshooting

     UDP connection timeout, selecting

     UDP inspection, troubleshooting

     URL filtering

         configuring

         troubleshooting

CEP (Certificate Enrollment Protocol), PKI

     configuring

     troubleshooting

CFG directory (CSA MC)

challenge-response-based authentication

changing database maximum event limit

check pointing CiscoWorks Common Services database

checking status of Firewall MC processes

CIDEE (Cisco Intrusion Detection Event Exchange)

CIFS access, configuring on VPN 3000 Concentrator series

circular blocks

Cisco AV-Pairs

Cisco IOS routers

     AAA

         accounting, configuring

         Auth-proxy, troubleshooting

         command authorization

         dial-up networking, troubleshooting

         exec authorization

         router management, troubleshooting

         VPDN case study

         X-Auth, troubleshooting

     IPsec VPNs

         PKI, troubleshooting

         Remote Access client VPN connections, troubleshooting

     NM-CIDS, managing

     RADIUS configuration, case study

     VPDN troubleshooting, case study

     VPNs, DMVPN

Cisco IOS Software, upgrading code base on CBAC routers

Cisco PIX firewalls [See PIX firewalls.]

Cisco Secure ACS mode (CiscoWorks Common Services)

Cisco Security Agent Management Center (CSA MC) license key

Cisco switches

     AAA

         802.1x FAQs

         authorization, troubleshooting

         IBNS

         PEAP configuration, case study

         switch management 2nd

     IBNSs

         IEEE 802.1x framework

CiscoWorks Common Services database

     backing up

     FAQs

     installing

         database management

         minimum requirements

         problems, troubleshooting

         user management issues

     license key, upgrading

     licenses, troubleshooting

     managing, best practices

     MDCSUPPORT

         files collected by

     MDCSupportInformation.zip file, file summary

     Privileges

     resolving DNS errors

     restore procedures 2nd

     Roles

     running on multi-homed machines

     user authentication, case study

     user management

CiscoWorks Common Services Desktop, launching on browser

CiscoWorks MDCSupportInformation.zip, file contents

classifier

clear crypto sa command

CLI (command-line interface)

     IPS sensors, licensing

clientless SSL VPN mode (VPN 3000 Concentrator series)

     configuring

     troubleshooting

closing NM-CIDS sessions

cluster redundancy on VPN 3000 Concentrator series

collecting MDCSupport file on Windows platform

combined sensor mode (IPS)

Command and Control port

     on IDSM-2

         5-minute output rate, checking

         configuring

     on NM-CIDS

         configuring

command authorization, troubleshooting on Cisco routers

commands

     capture

     clear crypto sa

     debug

     debug aaa accounting

     debug aaa authentication

     debug aaa authorization

     debug application-protocol

     debug commands, FWSM-related

     debug fixup tcp|udp

     debug icmp trace

     debug ip inspect

     debug pix process

     debug sanity

     debug tunnel

     diagnostic level complete

     for PIX flash file system

     intrusion-detection module

     ip port-map

     iplog

     nslookup

     packet

     ping

     recover application-partition

     service-module, connecting to NM-CIDS

     show aaa servers

     show aaa user

     show accounting

     show asp drop

     show authorization

     show blocks

     show commands

         for IPsec Phase 1 tunnel negotiations

         for IPsec Phase 2 tunnel negotiations

         FWSM-related

     show configuration

     show connection

     show cpu usage

     show crypto ipsec

     show crypto map

     show dot1x all

     show dot1x statistics

     show events

     show interfaces

     show ip inspect

     show local-host

     show localusers

     show module

     show output filters

     show radius

     show radius statistics

     show running config 2nd

     show running logging

     show security acl

     show service-policy 2nd

     show span

     show statistics

     show tacacs 2nd

     show tech-support 2nd

     show test

     show traffic

     show trunk

     show users

     show version 2nd 3rd 4th

     show vlan brief

     show xlate

     tcpdump

     telnet

     time-range

     traceroute

     winmsd

common services license key

commonly asked questions [See 802.1x, FAQs.]

communication architecture

     for CSA MC

     of Firewall MC

     of Router MC

     on IDS MC

communication protocols

     RADIUS

         authentication operation

         authorization operation

         configuring, case study

     TACACS+

         AAA packet flows

         accounting operation

         authentication operation

         authorization operation

         versus RADIUS

compacting

     CiscoWorks Common Services database

     CS ACS database

     CSA MC database

comparing RADIUS and TACACS+

compilation process for ACLs on FWSM

components of CSA 2nd

Conduit to Access-list Converter

configuration files

     for VPN 3000 Concentrator series

     sysvars.cf

configuring

     AAA

         best practices

         on Cisco switches, enable password authentication

     accounting

         on Cisco IOS routers

         on Cisco switches

     active/active failover on PIX Firewall

     alerts

     audits

     auth-proxy

     basic router security, best practices

     blocking

     CBAC anti-spoofing, best practices

     clientless SSL VPN mode on VPN 3000 Concentrator series

     Command and Control interface (NM-CIDS)

     connectivity

         on FWSM

         on PIX Firewall

     CS ACS

         AAA Client definition for VPN 3K

         domain controller mode

         replication 2nd

     email notification

     Firewall MC, Recovery Server

     FWSM

         failover

         multiple SVI interfaces 2nd

     GRE over IPsec

     Hairpinning

     IDM sensors, trusted hosts

     IDS MC, best practices

     IDSM-2

         Command and Control port

         Promiscuous mode

     IPS sensor, Inline mode

     IPsec LAN-to-LAN VPN tunnels 2nd

         crypto maps, creating

         transform sets

         tunnel groups

     IPsec over TCP

     Java blocking

     LAN-to-LAN tunnels on VPN 3000 Concentrator series

     LLQ on PIX Firewall

     local user authentication on VPN 3K

     login authentication

     MAPI Proxy on VPN 3000 Concentrator

     MBS

     MPLS IP IDS, IPS traffic capture

     NARs 2nd

     NAT-T

     NDS database with CS ACS

         troubleshooting

     NM-CIDS, time stamping

     packet capturing on NM-CIDS

     PEAP

         case study 2nd

         Machine Authentication

     PIX Firewall

         multiple context mode

         policing

         Remote Access VPN

     PKI

     RADIUS

         dynamic filters

         on Cisco IOS routers, case study

     Remote Access VPN connections on VPN 3000 Concentrator series

     RSPAN, IPS traffic capture

     sensors

         on IDS MC

         shunning, case study

     SPAN

         IPS traffic capture

         on Catalyst 2900/3600XL

         on Catalyst 2950/3550 and 3750

         on Catalyst 4000/6000 running CatOS

         on Catalyst 4000/6000 running Native IOS

     Split Tunneling

     SSL VPN on VPN 3000 Concentrator, Thick Client mode

     syslog on PIX Firewall

     TACACS+ on VPN 3K

     traceback on PIX Firewall

     transparent firewalls

         on PIX Firewall

     URL filtering

     VACL, IPS traffic capture

     VPN 3000 Concentrator series

         Cisco Secure ACS

         event classes

         group authentication with RADIUS

         Group feature

         Group Lock feature

         local group and user authentication

         RADIUS Server

     Windows NT/2000 Authentication, Unknown User Policy

connecting

     IPS sensor to network

     serial cable to IDSM-2

     to NM-CIDS console

connection block

connection states, CBAC

connectivity

     on CBAC, troubleshooting

     on FWSM

         configuring

         troubleshooting 2nd

     on IPS sensors, troubleshooting

     on PIX Firewall

         configuring

         displaying details

         troubleshooting

     testing with ping command

console access to NM-CIDS, troubleshooting

console port (NM-CIDS)

Context-Based Access Control [See CBAC (Context-Based Access Control).]

CONTINUE packets (TACACS+)

control connection

cooperation between SecOP and NetOP personnel

core dumps

     generating

         with Flash disk

         with FTP

         with rcp

         with TFTP

     testing configuration of

corrupt IDS MC licenses, troubleshooting

CP (control plane), FWSM architecture

CPU utilization

     on CBAC, verifying

     on FWSM, troubleshooting

     on PIX Firewall

         displaying

         troubleshooting

Cr directory (CSA MC)

creating

     buffer overflow exclusions

     crypto maps for LAN-to-LAN tunnels

     database rules

     DMVPN spoke-to-spoke tunnels

     dump text files

     dynamic crypto maps

     exceptions

     securitylog.txt file

     transform sets

CRSHDUMP.TXT file

Crypto Errors (CS ACS), resolving

crypto maps, creating for LAN-to-LAN tunnels

crypto socket creation problems (NHRP), troubleshooting

cryptographic algorithms

cryptographic-based authentication (EAP)

CS ACS (Cisco Secure Access Control Server)

     AAA Client definition for VPN 3K, configuring

     Active Directory integration

     application-specific roles

     as proxy server

     associated registries

     backing up

     best practices

     categorizing problem areas

     configuring

     database, compacting

     default NAS, adding

     domain controller mode, configuring

     domain stripping

     external user database integration, required components

     FAQs

     GUI, recovering lost passwords

     installing on Windows platform

     "Logged in Users" report

     NARs

         configuring 2nd

         troubleshooting

     NASs, bulk importing

     Novell IDS integration

         troubleshooting

     packet flow

     password encryption

     RADIUS Server, communicating with VPN 3K

     replication

         configuring 2nd

         troubleshooting

     SDI integration

         troubleshooting

     services, CSAdmin

     setup procedures for Router MC

     Shared File Components

     uninstalling

     upgrading on Windows platform

     user names, defining

     user/NAS import options

         exporting user and group information

         importing NAS to CS ACS database

         importing users to existing database

     users, deleting

CSA Agent

     application issues, troubleshooting

     communication with CSA MC, troubleshooting

     csainfo.bat utility

     debug mode, turning on

     disk usage, monitoring

     installation

         minimum requirements

         troubleshooting 2nd

     license, procuring

     log files

     policies

     polling issues, troubleshooting

     registration, troubleshooting

     removing from Windows systems

     rtrformat utility

     shims, disabling

     software, procuring

     stopping service

     update issues, troubleshooting

CSA MC (Cisco Security Agent Management Console)

     communication architecture

     database

         compacting

         manual backups, performing

         purging events from

         repairing

         restoring

     database maintenance

     default installation directory

     directory structure

     disaster recovery

     DRP

     installation

         best practices

         minimum requirements

         troubleshooting

     launching

         problems with, troubleshooting

         slow launches, troubleshooting

     license key, installing

     licenses

         importing

         procuring

         troubleshooting

     local database installation, troubleshooting

     log directory

     log files

     management model

     manually removing components

     registration

     remote database installation, troubleshooting

     uninstalling

     upgrading

         on same system

         on separate system

CSAdmin

csainfo.bat utility

csalog.txt file

csauser.dll, disabling

CSAuth

CSDBSync

CSLog

CSMon

CSRadius service

CSSupport utility, files included in Package.cab file

CSTacacs service

csutil.exe 2nd

     options