Nortel Networks NN46110-602 service manual
- 230 pages
- 1.26 mb
Manual contents
-
Page 1
Version 7.00 Part No. NN46110-602 315900-E Rev 01 February 2007 Document status: Standard 600 Technology Park Drive Billerica, MA 01821-4130 Nortel VPN Router Troubleshooting[...]
-
Page 2
Copyright © 2007 Nortel Networks. All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take f[...]
-
Page 3
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such fo[...]
-
Page 4
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUD[...]
-
Page 5
Contents
Preface, p. 17
Before you begin, p. 17
Text conventions [...]
-
Page 6
Configuring SNMP traps to send notification when an IP address pool reaches the configured threshold, p. 32
Chapter 2 Status and logging, p. 35
Sessions [...]
-
Page 7
Using SFTP to transfer backup files, p. 59
Stopping the transfer of backup files using SFTP, p. 59
Disabling new logins [...]
-
Page 8
System problems, p. 96
Solving routing problems, p. 98
Client address redistribution problems [...]
-
Page 9
Viewing a packet capture output file on a PC, p. 125
Installing Ethereal software, p. 125
Saving, downloading, and viewing PCAP files [...]
-
Page 10
Appendix B Using serial PPP, p. 165
Establishing a serial PPP connection, p. 165
Setting up a Dial-Up Networking connection [...]
-
Page 11
IPX client, p. 223
Windows 95 and Windows 98, p. 224
Windows NT [...]
-
Page 12
12 Contents NN46110-602[...]
-
Page 13
Figures
Figure 1 Admin > SNMP Traps window, p. 33
Figure 2 Event logs, p. 42
Figure 3 Capture and display filters [...]
-
Page 14
14 Figures NN46110-602[...]
-
Page 15
Tables
Table 1 Field IDs for data collection records, p. 40
Table 2 Troubleshooting tools, p. 71
Table 3 Trap categories [...]
-
Page 16
16 Tables NN46110-602[...]
-
Page 17
Preface
This guide provides information about how to manage and troubleshoot the Nortel VPN Router.
Before you begin
This guide is for network managers who monitor and maintain the Nortel VPN Router. This guide assumes that you have experience with system administration and familiarity with network mana[...]
-
Page 18
braces ({}): Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of the options. Do not type the braces when entering the command. Example: If the command syntax is ldap-server source {external | internal}, you must enter either ldap-server source external or l[...]
-
Page 19
Acronyms
This guide uses the following acronyms:
vertical line ( | ): Separates choices for command keywords and arguments. Enter only one of the choices. Do not type the vertical line when entering the command. Example: If the command syntax is terminal paging { off | on }, you enter either termina[...]
-
Page 20
L2TP: Layer 2 Tunneling Protocol
LAN: local area network
LDAP: Lightweight Directory Access Protocol
NAT: Network Address Translation
OSI: Open Systems Interconnection
OSPF: Open Shortest Path First
PAP: Password Authentication Protocol
PCAP: packet capture
PDN: public data network
POP: point of presence
PPP: Point-to-Point Pr[...]
-
Page 21
Related publications
For more information about the Nortel VPN Router, see the following publications:
• Release notes provide the latest information, including brief descriptions of the new features, problems fixed in this release, and known problems and workarounds.
• Nortel VPN Router Con[...]
-
Page 22
Hard-copy technical manuals
You can print selected technical manuals and release notes free, directly from the Internet. Go to www.nortelnetworks.com/documentation, find the product for which you need documentation, then locate the specific category and model or version for your hardware or software product. Use Ad[...]
-
Page 23
Getting help from the Nortel Web site
The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: www.nortel.com/support This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. From th[...]
-
Page 24
Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.[...]
-
Page 25
New in this release
The following section details what is new in Nortel VPN Router Troubleshooting for Release 7.0.
Features
See the following sections for information about feature changes:
• SNMP traps when an IP address pool reaches the configured threshold
• Automatic backups
• PCAP enhancements[...]
-
Page 26
Automatic backups
You can now back up a file or a directory, as well as trigger a backup, when a file changes. Previously, you could only back up system, configuration, and log files. You can use either the graphical user interface (GUI) or the command line interface (CLI) to configure automated backup. Y[...]
-
Page 27
Chapter 1 VPN Router administration
This chapter introduces administrator settings, tools, system configuration, and file management. It also includes information about SNMP traps.
Administrator settings
The VPN Router supports multiple administrators. You can assign different rights to allow or prevent[...]
-
Page 28
You use the Administrator Settings window to do the following:
• change the primary administrator user ID and password
• control the Administrator Idle Timeout Setting for all administrators
• control the default language
• control the serial port settings
There is only one primary[...]
-
Page 29
Dynamic password
Two types of administrative users exist on the VPN Router:
• one super-user (Administrator)
• as many administrative users as needed
There is dynamic password support for administrative users only. The Administrator still requires a static passwo[...]
-
Page 30
The Traceroute tool measures a network round-trip delay. Messages are sent per hop and the wait occurs between each message. If the address is unreachable, it uses the following formula to determine how long it takes for the Traceroute to time out. maximum hops (30) x the wait timeout (5) x 3[...]
-
Page 31
Simple Network Management Protocol (SNMP)
Use the Admin > SNMP window to do the following:
• designate the remote SNMP management stations that are authorized to send SNMP Gets to the VPN Router
• enable specific MIBs
SNMP counters measure packet attributes ba[...]
-
Page 32
The traps displayed on the group windows—in particular the Hardware Trap Configuration and the Service Trap Configuration windows—reflect the hardware and software available on your VPN Router. For example, if you have a VPN Router with no WAN interface cards, the traps for WAN in[...]
-
Page 33
Figure 1 Admin > SNMP Traps window
2 Enter a host name or IP address in the Host Name or IP Address text box.
3 Enter a name in the Community Name text box.
4 Click Enable.
5 Click OK.
6 Under the Trap Groups section on the SNMP Traps window, click Configu[...]
-
Page 34
To configure the amount:
CES(config)# ip local pool exhausted- amount <amount>[...]
-
Page 35
Chapter 2 Status and logging
The Status windows show which users are logged on, their traffic demands, and a summary of the VPN Router’s hardware configuration, including available memory and disk space. The status windows include:
• Sessions
• Reports
• System
• Health check
• Stat[...]
-
Page 36
Most events are sent to the event log first. Significant events from the event log are sent to the system log. (Not all data that the system log saves comes from the event log.) From the system log, the VPN Router filters security entries for the security log and configuration entries for the [...]
-
Page 37
If you have multiple VPN Routers throughout the world, use the Greenwich Mean Time (GMT) standard to synchronize the various log files so that the timestamps are directly comparable.
System
The Status > System window shows the VPN Router’s up time, software and hardware[...]
-
Page 38
Accounting
The accounting log provides information about user sessions. This log provides last and first names, user ID, tunnel type, session start and end dates, and the number of packets and bytes transferred. You can use most of these fields to search the log.
Accounting records
Accounting record[...]
-
Page 39
The data collection system stores records in text-based files stored in the system/dclog subdirectory. The system stores the most recent 60 days of data. The system stores daily files, summary files, and summary history files. Ongoing administration tasks include monitoring t[...]
-
Page 40
• Summary file that always has exactly five records containing summary data in a file called summary.dc. These values are used to give historical graphs and reports about specific values.
• Summary history file that contains records representing cumulative daily data for the most recent 60 d[...]
-
Page 41
Logs
The VPN Router has several logs that provide different levels of information. The logs are stored in text files and indicate what happened, when the event occurred, and the IP address and user ID of the person causing the event.
Event log
The event log is a detailed[...]
-
Page 42
As the event log adds information, the oldest entries are overwritten. The event log retains the latest 2000 entries and discards old entries when it is refreshed.
To configure event logging:
1 Select Status > Event Log. The Event Log window appears. (Figure 2)
Figure 2 Event logs
2 In the Sa[...]
-
Page 43
Figure 3 Capture and display filters
5 You configure the capture filter and display filter using Entity-Subentity or Severity. To configure the capture filter or display filter:
a Click Configure Capture Entity or Configure Display Entity. Figure 4 shows the Configur[...]
-
Page 44
Figure 4 Configure Display Entity
b Select an Entity from the list.
c Select a Subentity from the list.
d Click Add to add the selected entity-subentity pair to the filter.
e Click Accept to complete your changes to the filter.
f Click Remove to delete a selected item from the list.
g Click Configure[...]
-
Page 45
System log
The system log contains all system events that are considered significant enough to be written to disk, including those displayed in the configuration and security logs. Events that appear in the system log include:
• LDAP activity
• configuration activity
•[...]
-
Page 46
• communications with servers
• LDAP
• Remote Authentication Dial-In User Service (RADIUS)
Configuration log
The Configuration log records all configuration changes. For example, it tracks adding, modifying, or deleting the following configuration parameters:
• group or user profiles
• LA[...]
-
Page 47
Chapter 3 Administrative tasks
This chapter describes administrative tasks that help you operate the VPN Router. These tasks provide details on scheduling backups, upgrading the software image, saving configuration files, performing file maintenance, creating recovery diskettes, and system shutdown.
Shut[...]
-
Page 48
Recovery
In the unlikely event that there is a hard disk crash, use the Recovery window to configure a recovery diskette to restore the software image and file system to the hard drive of the VPN Router. The recovery diskette is included with your VPN Router. You can also use this window to cr[...]
-
Page 49
This supplies a minimal configuration utility so that you can view the VPN Router from a Web browser.
3 In the Web browser, enter the management IP address of the VPN Router. The Recovery Diskette window appears, which you can use to:
— restore the factory default conf[...]
-
Page 50
• Select Restore Factory Configuration, then click Restore to return the VPN Router to its original factory default configuration. This erases data contained in flash memory and also in the configuration file. An online message specifies the result of the Factory Configuration reset action. ?[...]
-
Page 51
You can use a new factory default software image and file system to restore the VPN Router’s hard disk. Specify the name or address and path of the network file server onto which the software from the Nortel CD is installed. To view the serial number when the VPN Rout[...]
-
Page 52
12 Click Synchronize to immediately synchronize the primary and secondary disks. Thereafter, the disks automatically synchronize every hour.
13 From the list, select the drive on which you want to upgrade the system boot software.
14 If the system boot sector is corrupted, click Upgrade to re[...]
-
Page 53
You must create a directory on the File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP) server before running automatic backup. If you specify a path in the Admin > Auto backup window and the directory does not exist on the FTP or SFTP server, the automat[...]
-
Page 54
To enable automatic backup when a file or a directory changes:
1 Select Admin > Auto Backup. The Automatic Backup window appears. (Figure 6)
Figure 6 Automatic backup window
2 Click Enabled to enable the associated host backup file server.
3 Enter the backup file server host name or IP address[...]
-
Page 55
7 To back up at certain intervals of time, click Interval and in the Interval text box specify in hours the time period after which the system automatically backs up changed files. The minimum interval is 1 hour, and the maximum is 8064 (336 days). The default is 5 hours. [...]
-
Page 56
Figure 7 Specific Automatic Backup window
14 To see the list of files for a directory, highlight the name of a directory and click Display. The files for that directory appear in the Files list.
15 To select the file that you want to back up, highlight the name of the file and click Select.[...]
-
Page 57
22 Click Backup to run the backup to each enabled server now. This action also synchronizes the hard disk drives when there is more than one hard drive in a device. Otherwise, the hard disks synchronize automatically every 60 minutes. A new window appears with the backup inf[...]
-
Page 58
Backing up specific files and directories
To back up specific files and directories, with the option to delete them after backup, enter:
exception backup advanced {1 | 2 | 3 } {full | partial | specific [<file-path> ] [overwrite] [delete]}
For example, to set the target of the exception back[...]
-
Page 59
Stopping the backup of changes to specific files or directories
To stop backing up the changes for specific files or directories for a particular server, enter:
no exception backup advanced {1 | 2 | 3} specific
For example, to stop backing up files that changed in backup se[...]
-
Page 60
Disabling new logins
You can prevent clients from connecting to the VPN Router without affecting the users currently connected by using this feature to disable new logins. When new logins is disabled, no new IPsec connections are established.
To disable new logins:
1 Select Admin > Shutdo [...]
-
Page 61
• Nortel Web site
• your own FTP site if you previously downloaded the software from the Nortel FTP site
• Nortel software CD
If an FTP server does not use standard FTP port numbers, you cannot use it to download FTP servers for Nortel software. For more information,[...]
-
Page 62
Before you upgrade your software, use one of the following methods to make sure there is enough available disk space:
• From the GUI, select Status > Statistics > File System. The last line lists the free space on the disk.
• From the CLI, enter show status statistics system file-system [...]
-
Page 63
5 Type 5 (Create A User Control Tunnel (IPsec) Profile).
6 Enter the user ID that you plan to use to log in remotely to the VPN Router.
7 Enter the password that you plan to use.
8 Enter the password again.
9 When you are prompted for an IP address, you can enter a static [...]
-
Page 64
b Click Backup to start the backup immediately. This saves your entire hard drive, including the LDAP and configuration files.
Retrieving the new software
For Version 4.80 and later, the VPN Router release image is available in a compressed .zip file so that each individual file does not do[...]
-
Page 65
Figure 9 shows an example upgrade to V04_80.114 from server 192.32.250.64. The file V04_80.114.tar.gz must be located at the root of the FTP directory.
Figure 9 FTP menu example
When you FTP to the FTP server from another PC, you see the location of the file.
D:ftp>ftp 1[...]
-
Page 66
• User ID: type the login ID required to gain access to the FTP server where the new VPN Router software is located.
• Password and Confirm Password: type the password (twice) that corresponds to the user ID you just entered.
4 After filling in all the required fields, click Retrieve new versio[...]
-
Page 67
— Response Timeout for RADIUS Accounting Server
— External RADIUS Accounting Server
b Click OK.
Applying the software
After you start the apply process, do not make any queries on the VPN Router. Queries try to access files and can cause problems during the upgrade proc[...]
-
Page 68
6 Select a system shutdown type of None and click OK.
You have successfully upgraded your switch.[...]
-
Page 69
Chapter 4 Troubleshooting
This chapter introduces the concepts and practices of advanced network configuration and troubleshooting for the Nortel VPN Router. Its purpose is two-fold: to provide configuration details to consult when setting up or modifying the extranet, and to serve as a resource when diagn[...]
-
Page 70
Troubleshooting remote access problems typically starts at the client end when the remote user cannot establish a connection, loses a connection, or has difficulty browsing the network or printing. When connectivity problems occur and the source of the problem is unknown, it is usually best to follow[...]
-
Page 71
Microsoft Point-to-Point Tunneling Protocol (PPTP) Dial-Up Networking Monitor provides network statistics on device, connection, and network protocols that help monitor traffic flow and assess PPTP connection performance. For more information on the PPTP Dial-Up Networking Monit[...]
-
Page 72
Solving connectivity problems
This section lists many of the common connectivity problems that occur and their recommended solutions. Problems, and some typical client user responses that can help with diagnosis, are categorized as follows:
Modem and dial-up problems “I cannot browse the Web [...]
-
Page 73
1 Confirm that the modem is attached and working properly by running a terminal emulation program at their remote workstation, such as, Hyperterminal*, and issuing the AT command. If the response is AT OK, the modem is operating correctly.
2 Verify that there is a PPP dial-up [...]
-
Page 74
Remote host not responding
Cause: This indicates that the VPN Router never responded to the IPsec connection attempt or that User Datagram Protocol (UDP) port 500 is blocked.
Action: Verify that the VPN Router is accessible by pinging the host name or IP address that you filled in the destination field[...]
-
Page 75
Action: Verify that the user name you entered is correct and retype the password before trying the connection again.
No proposal chosen
Cause: The VPN Router you are connecting to is not configured to handle the authentication method configured under the current connection prof[...]
-
Page 76
Action: Click Connect to re-establish the extranet connection. If this works, the connection was probably lost due to the Idle Timeout configured on the VPN Router. If no data is transferred through the extranet connection for a long period of time, normally 15 minutes or more, the VPN Router automati[...]
-
Page 77
Action: Validate that the VPN Client is configured with a DNS entry. For Windows NT 4.0, open a command prompt and enter ipconfig/all. Verify that a DNS server entry is listed. For Windows 95, from the Start menu on the task bar, select Run and enter winipcfg. Select Nortel [...]
-
Page 78
Cannot access Web servers on the Internet after establishing a VPN Client connection
Cause: For both PPTP and IPsec, this condition occurs as a result of all network traffic passing through the corporate network. Typically, firewalls and other security measures on the corporate network limit access t[...]
-
Page 79
Alternatively, on NT 4.0, Windows 98, and Windows 95, complete the following steps to change your workstation to be a member of a workgroup instead of a domain:
1 From the Start menu, select Settings > Control Panel. In the Control Panel, double-click Network. The Netw[...]
-
Page 80
• Start from the top down to go in the opposite direction, looking at PPP first and working down to the physical connection. An important point to remember when taking this approach is that at the higher protocol layers, there are more options to misconfigure, but changing them is easier and general[...]
-
Page 81
Check the HDLC framing
Assuming that the T1/V.35 interface is operating correctly, use the following steps to determine whether the HDLC layer is up and running properly, and to provide information for Nortel Customer Support for further diagnosis:
1 Check that there are no in[...]
-
Page 82
4 If the PPP layer still does not come up, enable the interface debugger to generate large amounts of packet traces in the event log. Report this information to Nortel Customer Support for further diagnosis.
Hardware encryption accelerator connectivity
If the hardware encryption accelerator fails, all s[...]
-
Page 83
• DHCP Server assigns IP addresses to clients
• WINS Server provides a translation of the NetBIOS domain name to the IP address
• DNS Server provides a translation of the IP Host name to the IP address
• Master Browser is an elected host that maintains lists of all NetBIO[...]
-
Page 84
The client system's NetBIOS name must be unique in the private network to which the client is connecting. Do not use the same name as your office desktop machine or something like my computer. Uniqueness is required.
What is the preferred way to access neighbors on the network?
Microsoft recommends[...]
-
Page 85
The renewal interval governs how often a client must reregister its name with the WINS server. It begins trying at one-half of the renewal interval. The extinction interval governs the length of time between when a client name is released and when it becomes extinct. These in[...]
-
Page 86
In the WINS mappings entry, enter a show database command. Note the entry for -__MSBROWSE__. This is the machine that is actually the elected master browser, and it changes frequently. If this entry is pointing to an invalid machine, it can cause problems.
Can I control which machine is the mast[...]
-
Page 87
To specify a computer as the preferred master browser, set the parameter for IsDomainMasterBrowser to True or Yes in the following registry path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters
Unless the computer is configured as the preferred master [...]
-
Page 88
When 10.1.2.3 broadcasts to find a network neighbor, it (incorrectly) sends to 10.255.255.255. Normal routing functionality does not forward such a packet. The VPN Router finds the best match among its physical interfaces (10.1 in this case) and modifies the broadcast to be correct for that interfac[...]
-
Page 89
After about 10 to 15 seconds, NetBIOS gives up on the primary interface, moves to the correct tunnel interface, and starts to browse the Network Neighborhood.
Why can't I browse another client in a different tunnel?
Cause: If you are not using a WINS server, this is n[...]
-
Page 90
You must create a connection definition for your initial Internet link through your service provider. A separate connection definition is needed for creating the PPTP tunnel. A common configuration problem experienced during initial PPTP setup is the failure to select the PPTP VPN adapter (instead [...]
-
Page 91
My downloaded DNS servers for my tunnel connection do not work
Cause: The Microsoft Windows 95/98 and Windows NT operating systems attempt to ping new DNS servers before adding them to the current list of servers.
Action: As a quick test, try to ping (with the tunnel connect[...]
-
Page 92
• How to Troubleshoot TCP/IP Connectivity with Windows NT
• Remote Access Service (RAS) Error Code List for Windows NT 4.0
• RAS Error 720 When Dialing Out
• Troubleshooting PPTP Connectivity Issues in Windows NT 4.0
• PPTP Registry Entries
• Connecting to Network Resources from Multiho[...]
-
Page 93
• For ActiveX Scripts, Java, and JavaScript*, you must enable both ActiveX and Java programs in Internet Explorer, and enable both Java and JavaScript in Netscape Communicator for proper VPN Router Web management windows. These options are enabled by default on both W[...]
-
Page 94
Clearing your Web browser cache when upgrading
To avoid problems when upgrading software revision levels, Nortel recommends that you clear your browser cache and exit the browser and all associated windows (such as mail and news readers). See the following section for browser cache clearing i[...]
-
Page 95
Document not found message
Cause: This message is returned when the HTTP server cannot find the requested window. This can happen because the Java navigation index file is out of synch with the rest of the system. A corrupted or incorrectly cached index file can also cause t[...]
-
Page 96
Action: Close help windows after viewing them.
Distorted background images
Cause: In Netscape versions prior to 4.0, where you configured your Windows 95, Windows 98, or Windows NT system for 8-bit color (256 colors or less), images can appear distorted in the navigational area.
Action: To avoi[...]
-
Page 97
Action: If necessary, remove the front bezel as described in the installation guide, then push the bottom of the power supply in to reseat it.
Cannot convert from an internal address pool to an external DHCP server
Cause: You cannot convert IP address distribution from an in[...]
-
Page 98
Action: Power-cycle the system using the green power button on the back of the VPN Router.
Solving routing problems
The following sections describe routing problems.
Client address redistribution problems
The number of current Utunnel host users can display more than the configured maximum.
Ca[...]
-
Page 99
Solving firewall problems
An error occurred while parsing the policy
Description: The policy that you are attempting to view or edit cannot be opened because it does not conform to the required format. This is caused by an error in the LDAP database or a problem with the connec[...]
-
Page 100
Authorization failed. Please try again.
Description: This error occurs when the wrong authentication credentials are entered. The user is re-prompted for credentials until they are either correct or the user clicks Cancel.
Action: No action required.
Unable to communicate with the VPN Router
Descriptio[...]
-
Page 101
Action: To ensure that the most current data is loaded:
1 Close the current policy, if opened. Saving is not permitted until this error is remedied.
2 From the policy selection window, select All from the Refresh menu.
System files were not loaded properly
Description: This [...]
-
Page 103
Chapter 5 Packet capture
Packet capture (PCAP) is a troubleshooting tool that network administrators and customer support personnel use, in conjunction with other tools such as statistics, logging, network analyzers, and testers, to remotely troubleshoot VPN Router and network problems. Packet capture [...]
-
Page 104
PCAP initially occurs to the RAM buffer. A low priority task writes the RAM buffer to disk files, called the disk capture files. Although you can set the maximum size of this file, when the maximum file size is reached, PCAP can continue writing the captured data. You specify the directory where to[...]
-
Page 105
• limit the traffic that the filters capture
• automatically start and stop packet capture with triggers
Security features
Packet capture on the VPN Router provides the following features to enhance security:
• Packet capture is disabled by default. You can enable packet[...]
-
Page 106
Capture types
The VPN Router captures packets from the following sources:
• Physical interfaces, including the following:
— Asynchronous digital subscriber line (ADSL)/asynchronous transfer mode (ATM)
— Fast Ethernet and Gigabit Ethernet, including traffic that is not directed to the VPN Router[...]
-
Page 107
Tunnel captures saved to disk are encapsulated with raw IP encapsulation. When you convert these files to file formats that do not support raw IP encapsulation (including Sniffer), L2 encapsulation is required. You can configure a capture object for an existing tunnel or [...]
-
Page 108
A global IP capture object captures packets beginning from the IP header; no Layer 2 header is saved in the capture file. Because both encrypted and decrypted packets are captured, global IP packet capture is useful in troubleshooting certain VPN issues.
Filters and triggers
You can apply existing in[...]
-
Page 109
• A start trigger causes the system to wait for a specific packet before it starts saving packets to the capture buffer.
• A stop trigger causes the system to stop saving traffic in the capture buffer after a specific packet matching the stop trigger is encountered. The[...]
-
Page 110
You can create new capture objects until the maximum block size reaches 25 Mbyte. (The VPN Router does not allow you to reduce the maximum block size to less than 25 Mbyte.) If you allocate too much memory to packet capture buffers, you receive an error message suggesting a smaller buffer size. To[...]
-
Page 111
• Delete a capture object or capture files when you no longer need them to free up memory or disk space.
• Do not run capture objects for physical interfaces or tunnels at the same time that you run the global IP capture object (some packets are captured more than once).
Enab[...]
-
Page 112
6 Enter the administrator's user name and password.
Please enter the administrator's user name: admin
Please enter the administrator's password: *****
The serial main menu appears.
Main Menu: System is currently in NORMAL mode.
1) Interfaces
2) Administrator
3) Default Private Route Menu
4) D[...]
-
Page 113
10 If you want, you can now change the VPN Router administrator password.
CES# configure terminal
Enter configuration commands, one per line. End with Ctrl/z.
CES(config)# adminname <admin_name> password <new_password>
CES(config)# exit
CES#
After you enable packet cap[...]
-
Page 114
For example, enter:
CES(capture-ethernet)# filepath /ideX/system/log
Setting the size of the RAM buffer
To set the RAM buffer size, from CLI Capture Configuration Mode enter:
buffersize <size>
where size is the size of the RAM buffer.
For example, enter:
CES(capture-ethernet)# buffersize 1048[...]
-
Page 115
For example, enter:
CES(capture-ethernet)# maxfiles 99
Saving captured data
To set the PCAP capture mode to loss or no loss, from CLI Capture Configuration Mode enter:
capture-all
or
No capture-all
For example, enter:
CES(capture-ethernet)# capture-all
Configuring and running pac[...]
-
Page 116
For example, enter the following command:
CES# capture add test1 ?
atm ATM interface capture
bri Bri interface capture
dial Dial interface capture
FastEthernet Fast Ethernet interface capture
GigabitEthernet Gigabit Ethernet interface capture
global Global RAW IP capture
serial Serial interface capt[...]
-
Page 117
To configure a capture object:
1 Navigate to Capture Configuration mode by entering the capture command with the object name.
CES# capture ether0
CES(capture-ethernet)#
The resulting prompt shows the type of capture object (physical interface, tunnel, or global IP)[...]
-
Page 118
Tunnel capture parameters
Capture objects for tunnels have several unique parameters. The following example creates a tunnel object called bot1, navigates to Capture Configuration mode, and displays the commands for tunnel objects. The commands in bold are the commands that are available only fo[...]
-
Page 119
Global IP parameters
The configurable parameters for the global IP capture object are the same as the parameters available for physical interface objects. The following example creates a global capture object called rawip, navigates to Capture Configuration mode, and displays t[...]
-
Page 120
In the following example, the show capture command is run with no object name to display a list of all the capture objects configured on the VPN Router.
CES# show capture
Name    Type      Size     Buffer use  Count  State
bot1    TUNNEL    1048576  0%          0      EMPTY
ether0  ETHERNET  1048576  7%          984    STOPPED
rawip1  GLOBAL    1048576  0%          0[...]
-
Page 121
Sample packet capture configurations
This section provides sample configurations and the commands used to create them.
Interface capture object using a filter and direction
In the following example, you configure a capture object called test-filter-in on Fast Ethernet interf[...]
-
Page 122
To view the status of the running capture object, as well as its configuration, use the show capture command. (In this example, 20 frames are captured in the buffer.)
CES# show capture test-filter-in
Capture state: RUNNING
Capture buffer size: 1048576
Capture type: ETHERNET
Capturing on interface: Fast[...]
-
Page 123
To create and use this capture object, you run commands like the ones illustrated in this example. These commands do the following:
1 Create a capture object called test-trigger on Fast Ethernet interface 0/1.
2 Enter Capture Configuration mode for the object.
3 Set the start tr[...]
-
Page 124
After Telnet traffic activates the stop trigger, the show capture command resembles the following example. The Capture state field now shows that the capture was stopped by the stop trigger.
CES# show capture test-trigger
Capture state: STOPPED by stop trigger
Capture buffer size: 1048576
Capture[...]
-
Page 125
4 Exit Capture Configuration mode.
5 Start the capture.
CES# capture add test-remote-ip tunnel
CES# capture test-remote-ip
CES(capture-tunnel)# remoteip 192.168.100.1
CES(capture-tunnel)# exit
CES# capture test-remote-ip start
CES#
To stop the capture and save the buffer contents [...]
-
Page 126
3 Click ethereal-setup-n.nn.n.exe.
4 Click a download site and save the executable file on your hard drive.
5 Double-click the executable file to install Ethereal software in the c:\Program Files\Ethereal directory.
6 After you install the software, click the Ethereal application to open the E[...]
-
Page 127
6 Enter the password that you entered when you enabled packet capture (see “Enabling packet capture on a VPN Router” on page 111).
7 From the open Ethereal window, disable Enable network name resolution. If this parameter is enabled, a large PCAP file takes a long time to o[...]
-
Page 128
T1 frame relay capture:
editcap -F ngsniffer d:pcapfr.cap frelay.syc
5 From Sniffer Pro, open the .enc file or the .syc file to view the trace. For a global IP trace or tunnel trace, you must perform an extra step on Sniffer Pro because only Layer 3 traffic is recorded in the PCAP capture.
6 Before[...]
-
Page 129
To delete a packet capture object:
1 Display all configured capture objects on the VPN Router to locate the object or objects that you want to delete.
CES# show capture
Name            Type      Size     Buffer use  Count  State
test-fast       ETHERNET  1048576  0%          10     STOPPED
test-filter-in  ETHERNET  1048576 [...]
-
Page 131
Appendix A MIB support
The VPN Router supports the management information base (MIB) for use with network management protocols in TCP/IP-based Internets and TCP/IPX-based networks. The VPN Router supports SNMP Gets only. It does not support SNMP Sets. Nortel also provides proprietary MIBs for the VPN Route[...]
-
Page 132
RFC 1724—RIP Version 2 MIB Extension
The VPN Router supports RFC 1724, RIP Version 2 MIB Extension. As stated in the introduction to the RFC, the RFC “defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it d[...]
-
Page 133
RFC 2787—VRRP MIB
The VPN Router supports RFC 2787, Definitions of Managed Objects for the Virtual Router Redundancy Protocol. As stated in the introduction, RFC 2787 “defines an extension to the Management Information Base (MIB) for use with SNMP-based network management. I[...]
-
Page 134
RFC 1573—IanaIfType MIB
This MIB contains the enumerations for rfc2233 ifTable.ifType. These enumerations describe the various types of interfaces that ifTable can support.
RFC 2233—If MIB
This MIB is the latest evolution of rfc1213 Interfaces group, plus several new objects.
RFC 2571—Snmp-Fram[...]
-
Page 135
— hrNetworkTable
— hrPrinterTable
— hrDiskStorageTable hrDiskStorageCapacity
— hrPartitionTable hrPartitionSize
— hrFSTable hrFSLastFullBackupDate hrFSLastPartialBackupDate
• hrSWRun Group hrSWRun
• hrSWRunPerf Group hrSWRunPerf
• hrSWRunTable
— hrSWRunIndex ?[...]
-
Page 136
RFC2863 Interface MIB (64 bit counters support)
The support for the following entries was added in the interface table: ifHCInOctets, ifHCInUcastPkts, ifHCOutOctets and ifHCOutUcastPkts. These counters already existed and were extended from Counter32 to Counter64.
VPN Router MIB
This MIB contains VPN [...]
-
Page 137
cestraps.mib—Nortel proprietary MIB
This section lists the contents of the cestraps.mib, the Nortel MIB for the VPN Router.
-- Trap #5005 ---------------------------------
-- Each Trap contains the Trap OID as well as the following OIDs:
-- SeverityLevel
-- System Name
-- Syste[...]
-
Page 138
-- The second means packets were dropped due to a detected spoofed address
-- The third should never happen, but means the status has been set to a bogus value.
"
::= {serviceCESTrapInfo 6}
antiSpoofingStatusTrap TRAP-TYPE
ENTERPRISE serviceCESTrapInfo
VARIABLES { severityLevel, antiSpoofingStatus, syst[...]
-
Page 139
newoak.mib
This section provides the contents of the newoak.mib, which defines the newoak enterprise ID, the contivity object identifier, and the sysObjectIDs for each VPN Router model.
-- This MIB module uses the extended OBJECT-TYPE macro as
-- defined in [9], and the TRAP-TYPE [...]
-
Page 140
Hardware-related traps
hardwareTrapInfo OBJECT IDENTIFIER ::= {ContivitySnmpTraps 1}
-- Trap #1001
hardDisk1Status OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Hard Disk Number 1 Status."
::= {hardwareTrapInfo 1}
-- Trap #1002
hardDisk0Status OBJECT-TYPE
SYNTAX Di[...]
-
Page 141
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of the first CPU fan."
::= {hardwareTrapInfo 6}
-- Trap #1007
fanTwoStatus OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of the second CPU fan."
::= {hardwareTrapInfo 7} [...]
-
Page 142
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of 2.5VA power."
::= {hardwareTrapInfo 12}
-- Trap #10013
twoDotFiveVB OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of 2.5VB power."
::= {hardwareTrapInfo 13}
-- Trap #10014
twelveVoltsPositive O[...]
-
Page 143
ACCESS read-only
STATUS mandatory
DESCRIPTION "The chassis intrusion sensor indicates that the unit has been opened."
::= {hardwareTrapInfo 18}
-- Trap #10019
dualPowerSupply OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of the r[...]
-
Page 144
Server-related traps
serverTrapInfo OBJECT IDENTIFIER ::= {ContivitySnmpTraps 2}
-- Trap #3001
radiusAcctServer OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of External Radius Accounting Server."
::= {serverTrapInfo 1}
-- Trap #3002
backupServer OBJECT-TYPE [...]
-
Page 145
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of DNS Server."
::= {serverTrapInfo 6}
-- Trap #3007
SNMPServer OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Status of SNMP Server."
::= {serverTrapInfo 7}
-- Trap #3008
IPAddre[...]
-
Page 146
Software-related traps
softwareTrapInfo OBJECT IDENTIFIER ::= {ContivitySnmpTraps 3}
-- Trap #5001
NetBuffers OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Network buffer usage."
::= {softwareTrapInfo 1}
-- Trap #5002
fireWall OBJECT-TYPE
SYNTAX DisplayString
ACCESS [...]
-
Page 147
Intrusion-related traps
intrusionTrapInfo OBJECT IDENTIFIER ::= {ContivitySnmpTraps 5}
-- Trap #201
securityIntrusion OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-only
STATUS mandatory
DESCRIPTION "Login Security Intrusion."
::= {intrusionTrapInfo 1}
System-related traps
-- T[...]
-
Page 148
Information passed with every trap
SeverityLevel OBJECT-TYPE
SYNTAX INTEGER { fatal(1), major(2), minor(3), informational(4), insignificant(5), reversal(6) }
ACCESS read-only
STATUS mandatory
DESCRIPTION "Severity of specific trap."
::= {ContivitySnmpTraps 7}
systemName OBJECT-TYPE
SYNTAX DisplaySt[...]
-
Page 149
Table 3 provides trap categories and explanations.
Table 3 Trap categories
Hardware
1.3.6.1.4.1.2505.1.1.0.1001 hardDisk1StatusTrap
1.3.6.1.4.1.2505.1.1.0.1002 hardDisk0StatusTrap
1.3.6.1.4.1.2505.1.1.0.1003 memoryUsageTrap
1.3.6.1.4.1.2505.1.1.0.1004 lanCardStatusTrap
1.3.6.1.[...]
-
Page 150
Table 4 provides descriptions for the VPN Router traps.
Server
1.3.6.1.4.1.2505.1.2.0.3007 snmpServerTrap
1.3.6.1.4.1.2505.1.2.0.3008 ipAddressPoolTrap
1.3.6.1.4.1.2505.1.2.0.3009 extLDAPServerTrap
1.3.6.1.4.1.2505.1.2.0.30010 radiusAuthServerTrap
1.3.6.1.4.1.2505.1.2.0.30011 certificateServerTrap
Softw[...]
-
Page 151
Proprietary 1.3.6.1.4.1.2505.1.1.0.1009 fiveVoltsPosStatusTrap: Status of the +5 Volt power.
Proprietary 1.3.6.1.4.1.2505.1.1.0.10010 fiveVoltsMinusTrap: Status of -5 Volt power.
Proprietary 1.3.6.1.4.1.2505.1.1.0.10011 threeVoltsPositiveTrap: Status of +3 Volt powe [...]
-
Page 152
Proprietary 1.3.6.1.4.1.2505.1.1.0.10020 t1WANStatusTrap: Status of T1 WAN card(s); Possible values for Wanic:
Alert: Invalid Device X.
Warning: Device WanicX disabled.
Alert: Device WanicX down.
Warning: Device WanicX not initialized.
Warning: Device WanicX PPP negotiating.
Alert: Devi[...]
-
Page 153
Proprietary 1.3.6.1.4.1.2505.1.1.0.10022 hwAccelTrap: Status of hardware accelerator card. Possible Values:
Invalid hardware accelerator unit %d.
Unknown hardware accelerator unit %d.
Healthy: Bulk Accelerator in slot %d: Unit %d Status 1—ATTACHED.
Warning: Bulk Accele[...]
-
Page 154
Proprietary 1.3.6.1.4.1.2505.1.1.0.10024 v90WANStatusTrap: Status of V.90 Interface card. Possible Values: Please note that X corresponds to the unit number of the card.
Alert: V.90 Invalid index X.
Disabled: Device IntModem-X disabled.
Healthy: Device IntModem-X: PPP is UP.
Alert: Device IntModem[...]
-
Page 155
Proprietary 1.3.6.1.4.1.2505.1.1.0.10026 serUartStatusTrap: Status of Serial (COM) port/interface. Possible Values: Please note that X corresponds to the unit number of the serial interface.
Alert: COM port Invalid index X
Healthy: Device COMX is set for Serial Menu.
Disab[...]
-
Page 156
Proprietary 1.3.6.1.4.1.2505.1.2.0.3005 loadBalancingServerTrap: Status of Load Balancing Server.
Proprietary 1.3.6.1.4.1.2505.1.2.0.3006 dnsServerTrap: Status of DNS Server.
Proprietary 1.3.6.1.4.1.2505.1.2.0.3007 snmpServerTrap: Status of SNMP Server.
Proprietary 1.3.6.1.4.1.2505.1.2.0.3008 i[...]
-
Page 157
Proprietary 1.3.6.1.4.1.2505.1.2.0.30014 dhcpServerTrap: Status of DHCP Server. Possible Values:
Disabled: DHCP Server is Disabled.
Alert: DHCP Server is NOT configured.
Alert: DHCP Server is configured and operational, Using backup config.
Alert: No IP Address available [...]
-
Page 158
Proprietary 1.3.6.1.4.1.2505.1.3.0.5007 sslVpnStatusTrap: Status of SSL-VPN Accelerator. Possible Values:
Disabled: Disabled—The unit is administratively disabled.
Disabled: HW not installed—There is no SSL-VPN Accelerator installed.
Warning: Initialization in progress—The unit is being intiali[...]
-
Page 159
Standard 1.3.6.1.2.1.11.0.2 linkDown: A linkDown trap signifies that the sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration.
Varbind list:
ifIndex—ifIndex of the interface.
ifAdminStatus—ifAdminStatus[...]
-
Page 160
Standard 1.3.6.1.2.1.11.0.3 linkUp: A linkUp trap signifies that the sending protocol entity recognizes that one of the communication links represented in the agent's configuration is up.
Varbind list:
ifIndex—ifIndex of the interface.
ifAdminStatus—ifAdminStatus of the interface.
ifOperStatu[...]
-
Page 161
Standard 1.3.6.1.2.1.11.0.5 authenticationFailure: An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent role, received a protocol message that is not properly authenticated. The snmpEnableAuthenTraps object indicates whether this trap is generated.[...]
-
Page 162
Standard 1.3.6.1.2.1.11.0.2 linkDown: A linkDown trap signifies that the sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration.
Varbind list:
ifIndex—ifIndex of the interface.
ifAdminStatus—ifAdminStatus of the interface.
ifOp[...]
-
Page 163
Standard 1.3.6.1.2.1.11.0.3 linkUp: A linkUp trap signifies that the sending protocol entity recognizes that one of the communication links represented in the agent's configuration is up.
Varbind list:
ifIndex—ifIndex of the interface
ifAdminStatus—ifAdminStatus of the i[...]
-
Page 164
Standard 1.3.6.1.2.1.11.0.5 authenticationFailure: An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent role, received a protocol message that is not properly authenticated. The snmpEnableAuthenTraps object indicates whether this trap is generated.
snmpAuthenOperation -ces [...]
-
Page 165
Appendix B Using serial PPP
You use Serial Point-to-Point Protocol (PPP) to manage the VPN Router from a remote location using PPP and the serial interface. If the VPN Router becomes unreachable over the Internet, you can still dial up and manage it through the serial interface menu. With this feature, t[...]
-
Page 166
Setting up a Dial-Up Networking connection
To establish a Serial PPP connection using a Microsoft Dial-Up Networking connection from the client system:
1 Double-click My Computer.
2 Double-click the Microsoft Dial-Up Networking icon.
3 Set the COM port baud rate on the client system so that it is c[...]
-
Page 167
Setting up the modem
The following procedure assumes that you are using a 3Com/US Robotics 56K x2 modem. It describes how to set up a modem to communicate with the VPN Router using a dial-up networking connection. Table 5 lists the DIP switch settings.
Setting up the VPN [...]
-
Page 168
to access all management services (HTTP, Telnet, FTP, SNMP) through the Web interface. Once you establish a session through PPP, the serial interface acts as a private WAN interface with an internal IP address (0.0.1.35).
• Auto detect—automatically detects whether the connected device is us[...]
-
Page 169
Dialing in to the VPN Router
Use the standard dial-up networking procedure to connect to the VPN Router. After connecting, you can then manage the VPN Router using either Telnet (for the command line interface) or the browser-based GUI. Use the VPN Router's management IP a[...]
-
Page 170
Cause: You were dialed in and managing the VPN Router remotely using PPP and you changed the baud rate and applied it, but now you cannot manage the VPN Router.
Action: To manage the VPN Router, disconnect the dial-up connection and try to re-establish it. This gives the modem a chance to renegotia[...]
-
Page 171
Action: Make sure that the modem that is connected to the VPN Router has hardware flow control enabled. PPP option settings The following settings describe the VPN Router’s behavior when negotiating serial PPP. For IP: • IP Address negotiation is enabled. • The VPN R[...]
-
Page 173
Appendix C System messages System forwarding (syslog) uses the system logging daemon (syslogd) to forward information from the VPN Router system log to different host machines. This appendix provides a listing of possible syslog messages that the VPN Router can write to a remote system. A description and th[...]
-
Page 174
tCert: Shutdown complete Description: This informational message indicates that the task responsible for certificate maintenance is shut down. This is usually part of the normal system shutdown. Action: No action required. tCert: task creation failed Description: The task responsible for X.509 certifi[...]
-
Page 175
2 Manually verify the tunnel-related certificate fingerprints. Perform this procedure any time you suspect tampering. ISAKMP messages ISAKMP [13] No proposal chosen in message from xxx (a.b.c.d) In many cases, a Session:IPsec message precedes the ISAKMP message. If the Session[...]
-
Page 176
Action: Make sure the PFS settings on both sides match. Either enable PFS on the remote side, or disable PFS locally. ISAKMP [13] Error notification (No proposal chosen) received from xxx (a.b.c.d) Description: The proposal made by the local VPN Router is rejected by a VPN Client. This usually indica[...]
-
Page 177
ISAKMP [13] Error notification (Authentication failure) received from xxx (a.b.c.d) Description: A VPN Client attempted to connect, but the user supplied the wrong password. Action: Make sure that the user and the VPN Router have the same password. Description: A remote branc[...]
-
Page 178
ISAKMP [13] Invalid ID information in message from xxx (a.b.c.d) Description: One side of the connection is configured to support dynamic routing while the other side is configured for static routing. Branch office is xxx. Action: Configure both sides to use the same routing type. Description:[...]
-
Page 179
Action: Remove the existing static route or change the route for the remote network to be a subset or superset of the static route. SSL messages Checking chain: invalid parent cert, xxx Description: The given certificate in the chain is not valid. This indicates that the cer[...]
-
Page 180
No matching trusted CA certs Description: None of the certificates in the chain are trusted CA certificates. You can receive this message if the CA certificate is not installed or is not marked as trusted on the VPN Router. Action: Make sure the CA certificate is installed and that the certificate i[...]
-
Page 181
Action: Make sure the backup file has an 8.3 file name. LDIF file: could not restore xxx Description: The internal LDAP server database cannot be restored from the specified LDIF file. This indicates that the LDIF file does not exist. Action: Choose an LDIF file that currently[...]
-
Page 182
CaAuthServerCollection: authenticate xxx cert [xxx] invalid signature by [xxx] - xxx Description: The certificate passed in with the authentication request does not have a valid signature, based on the CA certificate configured on the VPN Router. This indicates either an incorrect certificate a[...]
-
Page 183
Action: Start the LDAP server, or change the external LDAP server configuration to make it accessible. Security: store new system subnet mask xxx failed—xxx Description: The system subnet mask cannot be stored in the VPN Router configuration LDAP entry. This can indicat[...]
-
Page 184
Action: Start the LDAP server, or change the external LDAP server configuration to make it accessible. Error deleting entry [xxx]—xxx Description: An error occurred while deleting an LDAP entry. This indicates that the LDAP server is not accessible. Action: Start the LDAP server, or change the[...]
-
Page 185
xxx xxx being referenced by xxx Description: The LDAP entry is referenced by another LDAP entry (for example, a filter set referenced by a User Group or Branch Office Connection). Action: Remove all references to the LDAP entry in question, then delete the entry. Session: xxx[...]
-
Page 186
Session: xxx[xxx]:xxx xxx auth method not allowed Description: The authentication method of the incoming request is not allowed in the group that the session is bound to. The session is bound to a group by one of the following: • the group that the user’s account is in (in LDAP) • RADIUS defa [...]
-
Page 187
Session: xxx[xxx] : xxx IP address assignment failed Description: An address cannot be assigned to the session. This occurs if the static address for the session is in use or if the address pool is exhausted. Action: Expand the number of addresses in the pool, or change the static[...]
-
Page 188
Session: xxx[xxx] : xxx account not allowed now Description: The session request is outside the permitted hours of access. Action: Change the Access Hours setting assigned to the group on the Profiles > Groups > Edit > Connectivity window. Session: xxx[xxx] : xxx authentication failed using xxx[...]
-
Page 189
Session: xxx[xxx] : xxx invalid password—master admin authentication failed Description: The primary administrator password is invalid. This results from using the wrong password or from making a mistake while typing the password. Action: Make sure you are using the correct[...]
-
Page 190
Session: xxx[xxx] : xxx pool address [xxx] already in use Description: The returned static pool address is currently in use. This error occurs if another tunnel is using this address through a static address configuration or another address pool. The error also occurs if a static host route using this ad[...]
-
Page 191
RADIUS accounting messages RADIUS: Cannot send accounting request to <server-name>, possibly due to DNS translation failure Description: This message indicates a connection failure. While sending a request, an error occurred due to a socket creation problem. This usual[...]
-
Page 192
RADIUS: network socket failure with <server-name>, recvfrom error: <error> Description: This message indicates a connection failure. An error occurred while receiving the response. Action: Retry authentication attempt and verify that RADIUS server packets are properly formed. RADIUS: [...]
-
Page 193
Action: Retry authentication attempt and verify that RADIUS server packets are properly formed. Unsupported response type (<number>) received from server Description: This message indicates that an invalid response was received. The response packet type is not one o[...]
-
Page 194
RADIUS authentication messages RADIUS: Cannot send request to <server-name>, possibly due to DNS translation failure Description: This message indicates a connection failure. While sending a request, an error occurred due to a socket creation problem. This usually indicates a DNS resolution p[...]
-
Page 195
RADIUS: <server-name> server timed out authenticating <user-name> Description: This message indicates a connection failure. The connection timed out while waiting for a response. Action: Verify the following: • RADIUS server’s IP address and port number are [...]
-
Page 196
RADIUS: <server-name> sent invalid response packet for <user-name> Description: This message indicates that an invalid response was received. The length of the response packet is not equal to the number of bytes received. Action: Retry authentication attempt and verify that RADIUS[...]
-
Page 197
Action: Verify that the shared secrets match. RADIUS: <server-name> sent packet with invalid response authenticator for <user-name> Description: This message indicates that an invalid response was received. The computed authenticator does not match the value[...]
-
Page 198
RADIUS: <user-name> access DENIED by server <server-name> Description: This message indicates that a valid access-reject response was received. Action: No action required. Response OK Description: This message indicates that a valid access-accept response was received. Action: No act[...]
-
Page 199
Action: No action required. Closing OSPF-RTM connection Description: OSPF closed the RTM connection, which occurs if the administrator disables OSPF from Routing > OSPF window. Action: No action required. Ospf_Global.State changed from ENABLED to DISABLED by user 'admin&[...]
-
Page 200
Can not accept x.x.x.x as router id Description: OSPF can not accept the given router ID in the Routing > OSPF window. Action: You must change router ID in the Routing > OSPF window. Invalid router IDs are 127.0.0.1 and 0.0.0.0. LoadOspfAreas Failed Description: OSPF failed to load all areas[...]
-
Page 201
VR xxx : Starting xxx as Backup for xxx Description: Logged when starting as a backup for an address. The parameters are: • The VRID of this VR • The reason for starting, either because it was enabled or the interface went up • The IP address Action: No action required. VR [...]
-
Page 202
Unable to get configuration for VR xxx Description: This is an error event that is logged when VRRP is enabled but the common configuration parameters are missing. These are the items set in the Routing > VRRP window. Action: No action required. RIP xxx : RIP Enabled Description: Logged when RIP [...]
-
Page 203
RIP xxx : Circuit xxx deleted Description: Logged when the RIP circuit is deleted. The parameter stands for circuit ID. Action: No action required. RIP xxx : Unable to register with UDP Description: Logged when you cannot register with UDP protocol. Action: No action required. R[...]
-
Page 204
RIP xxx : Unable to spawn timer task xxx for RIP Description: Logged when RIP fails to spawn the timer task. The parameter stands for the name of the task. Action: No action required. RIP xxx : cid xxx mismatched auth password from xxx Description: Logged when RIP authentication fails while receiv[...]
-
Page 205
Interface [nnn] replaced, deleting from config Description: This indicates the card type specified in the configuration file does not match the card currently in the slot. The interface is deleted from the configuration. This applies when the replaced card has more ports than [...]
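The ISAKMP and RADIUS message templates listed in Appendix C can be triaged mechanically once they reach a remote syslog host. The following is an added example, not code from the Nortel manual: it parses lines that follow those templates and groups them by the peer address or RADIUS server involved. The syslog prefix, the names, the addresses and the threshold of 3 are assumptions made for the sample.

```python
import re
from collections import Counter

IPV4 = r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
# Regexes mirror the message templates quoted in Appendix C. Real lines carry
# a syslog prefix (timestamp, host); search() skips it, whatever its form.
RULES = [
    ("isakmp", re.compile(r"ISAKMP \[\s*\d+\s*\] Error notification "
                          r"\((?P<kind>[^)]+)\) received from (?P<who>.+?) " + IPV4)),
    ("isakmp", re.compile(r"ISAKMP \[\s*\d+\s*\] (?P<kind>.+?) in message from "
                          r"(?P<who>.+?) " + IPV4)),
    ("radius_denied", re.compile(
        r"RADIUS: (?P<who>\S+) access DENIED by server (?P<server>\S+)")),
    ("radius_bad_authenticator", re.compile(
        r"RADIUS: (?P<server>\S+) sent packet with invalid response "
        r"authenticator for (?P<who>\S+)")),
    ("radius_timeout", re.compile(
        r"RADIUS: (?P<server>\S+) server timed out authenticating (?P<who>\S+)")),
]

def parse_line(line):
    """Return a dict for the first matching template, or None."""
    for family, rx in RULES:
        m = rx.search(line)
        if m:
            return {"family": family, **m.groupdict()}
    return None

def summarize(lines, threshold=3):
    """Group events by the peer address or RADIUS server they point at."""
    auth_failures, denied = Counter(), Counter()
    proposal_mismatch, radius_problems = set(), set()
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        elif ev["family"] == "isakmp":
            kind = ev["kind"].lower()
            if kind == "authentication failure":
                auth_failures[ev["ip"]] += 1
            elif kind == "no proposal chosen":
                proposal_mismatch.add(ev["ip"])
            # other ISAKMP kinds (e.g. Invalid ID information) parse but are not grouped
        elif ev["family"] == "radius_denied":
            denied[ev["who"]] += 1
        else:
            radius_problems.add((ev["server"], ev["family"]))
    return {
        "repeated_auth_failures":
            {ip: n for ip, n in auth_failures.items() if n >= threshold},
        "proposal_mismatch_peers": sorted(proposal_mismatch),
        "radius_denied_users": dict(denied),
        "radius_server_problems": sorted(radius_problems),
        "unparsed": unparsed,
    }

# Constructed sample lines: prefix, names and addresses are made up.
P = "Jan 12 03:14:07 vpn1 "
SAMPLE = [
    P + "ISAKMP [13] Error notification (Authentication failure) received from jdoe (198.51.100.7)",
    P + "ISAKMP [13] Error notification (Authentication failure) received from jdoe (198.51.100.7)",
    P + "ISAKMP [13] Error notification (Authentication failure) received from jdoe (198.51.100.7)",
    P + "ISAKMP [13] Error notification (Authentication failure) received from bob (192.0.2.44)",
    P + "ISAKMP [13] No proposal chosen in message from BO-East (192.0.2.10)",
    P + "ISAKMP [13] Error notification (No proposal chosen) received from asmith (192.0.2.44)",
    P + "RADIUS: rad1 sent packet with invalid response authenticator for jdoe",
    P + "RADIUS: asmith access DENIED by server rad1",
    P + "tCert: Shutdown complete",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Peers listed under `proposal_mismatch_peers` are the ones to compare encryption and PFS settings with; addresses under `repeated_auth_failures` are the ones repeatedly failing authentication.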
-
Page 207
Appendix D Configuring for interoperability This chapter explains the requirements and procedures for setting up different vendor hardware or software to interoperate with the VPN Router. You can use these instructions to establish encrypted tunnels to and from the VPN Router with the noted vendors. The[...]
-
Page 208
Figure 11 VPN Router and Cisco 2514 network topology[...]
-
Page 209
The following is a show config command:
Cisco2514# show config
Using 1088 out of 32762 bytes
version 11.3
no service password-encryption
hostname Cisco2514
enable secret 5 $1$aSJB$Xz/o4I4IqCY.FT2RH372/1
enable password password
!
crypto isakmp policy 1
 hash md5
 a[...]
-
Page 210
dialer-list 1 protocol ipx permit
snmp-server community public RO
line con 0
line aux 0
line vty 0 4
 password terminal
 login
end
Configuring the VPN Router for Cisco interoperability To configure the VPN Router for Cisco interoperability: 1 Select Profiles > Networks and click E[...]
-
Page 211
Configuring the SafeNet/Soft-PK Security Policy Database Editor, Version 1.0s To set up the VPN Router to establish encrypted tunnel connections with the IRE Soft-PK Security Policy Client as illustrated in Figure 12, configure the windows as described on fol[...]
-
Page 212
Connecting to IRE SafeNet/Soft-PK Security Policy Client To set up the VPN Router to establish encrypted tunnel connections with the IRE SafeNet/Soft-PK Security Policy Client, do the following: 1 Open the SafeNet/Soft-PK Security Policy Client, and click File: New. The following[...]
-
Page 213
• 8.1.10.42 The SafeNet/Soft-PK Security Policy Editor dialog box appears. 6 Click My Identity to configure the SafeNet client, and select the following: • Select Certificate: None • ID Type: IP Address • Port: All 7 Click Pre-Shared Key. The Pre[...]
-
Page 214
The SafeNet/Soft-PK Security Policy Editor dialog box appears. 10 From Security Policy: Select Phase 1 Negotiation Mode, click Main Mode. 11 Click Enable Replay Detection. 12 On the Authentication (Phase 1), Proposal 1, Authentication window, enable the following:[...]
-
Page 215
• Authentication Method: Pre-Shared key • Encrypt Alg: DES • Hash Alg: MD5 • SA Life: Seconds and 3000 (Seconds) • Key Group: Diffie-Hellman Group 1 13 On the Key Exchange (Phase 2), Proposal 1 window, enable the following: • Encapsula[...]
-
Page 216
9 For some vendors, if you want to turn off Vendor ID and/or Perfect Forward Secrecy (PFS), do that on the Profiles > Groups > IPsec: Configure window. Third-party client installation The VPN Router supports third-party IPsec clients and includes support for the follo[...]
-
Page 217
Considerations for using third-party clients There are several considerations regarding the use of third-party clients with VPN Router: • Client Dynamic Addressing—Many third-party clients now support the Aggressive mode method of establishing a s[...]
-
Page 218
• Load Balancing—Traditional load balancers often do not work with the IPsec protocol because of the security features on individual packets and separate key management and data channels. The VPN Router has built-in load balancing features for IPsec client terminations that allo [...]
-
Page 219
(are correctly decrypted, and authenticated) are accepted; other packets are dropped. If any attempt is made to change the station address of the client, the tunnel is automatically closed. Third-party clients do not necessarily have this security. • Tight[...]
-
Page 220
then select a default server certificate from the list. You configure servers from the System > Certificates window. 7 Select Profiles > Branch Office, click Edit, scroll down to the IPsec section and click Configure. The Branch Office window appears. 8 Select the en[...]
-
Page 221
Figure 13 Split tunneling example To configure the VPN Router as a user tunnel: 1 Select Profiles > Groups and click Add. Enter a group name of up to 64 characters (spaces are permitted); for example, Research and Development. 2 Click Edit next to the na[...]
-
Page 222
6 Selections in the Encryption fields are dependent on the type of encryption that your third-party client supports. 7 Enable Perfect Forward Secrecy (PFS). PFS ensures that if one key is compromised, subsequent keys are not compromised. 8 In the Forced Logoff dialog box, specify a[...]
-
Page 223
Network addresses form the basis of the IPX internetwork addressing scheme for sending packets between network segments. Every network segment of an internetwork is assigned a unique network address by which routers forward packets to their final destination [...]
-
Page 224
Windows 95 and Windows 98 When running Windows 95 or Windows 98, load the intraNetWare* client, which is available from the Novell Web site: http://www.novell.com Windows NT You can use either the NetWare client that is already on Windows NT systems or the Novell intraNetWa[...]
-
Page 225
Figure 14 IPX topology Note: The private LAN can also carry IP and IPX traffic simultaneously. The IP addresses are not shown in this figure.[...]
-
Page 227
Index A accounting data 40 records 38, 39 accounting log 38 active sessions 96 ActiveX Scripts 93 administrator settings 28 administrator privileges 27 authentication failed 74 B background images 96 backups 52 branch office error messages 178 browser error messages 94 browsing delays 93 C certificate er[...]
-
Page 228
SSL 179 event log 35, 41 External DHCP server 97 extinction interval 84 timeout 84 Extranet Access client monitor 70 connection problems 73 F factory default 49 configuration 50 file management 30 G general problems overview 70 solving 92 H hard drive, reformatting 51 hardware health check 37 hardware error messages 204 [...]
-
Page 229
modem hardware errors 82 MS-DOS naming convention 97 multiple Help windows 95 N NetBEUI 77, 83 NetBIOS 77, 83, 84, 88 Netscape Communicator 92 netstats command 71 NetWare client 224 Network Neighborhood 84 newoak.mib 139 Nortel Networks MIB 31 Novell intraNetWare client 224 P Partial Backup 50 perf[...]
-
Page 230
RADIUS accounting 191 RADIUS authentication 194 routing 198 security 181 SSL 179 T T1/V.35 interface 80 technical publications 22 text conventions 17 tools ARP 30 ping 29 traceroute 30 tracert command 71 traps hardware 140 information for all 147, 148 intrusion-related 147 login-related 146 server-related 144 software-relat[...]