-
Troubleshooting Guide
-
Preface
-
Chapter 1 - Troubleshooting Overview
-
Chapter 2 - Audit Troubleshooting
-
Chapter 3 - Billing Troubleshooting
-
Chapter 4 - Call Processing Troubleshooting
-
Chapter 5 - Configuration Troubleshooting
-
Chapter 6 - Database Troubleshooting
-
Chapter 7 - Maintenance Troubleshooting
-
Chapter 8 - Operations Support System Troubleshooting
-
Chapter 9 - Security Troubleshooting
-
Chapter 10 - Signaling Troubleshooting
-
Chapter 11 - Statistics Troubleshooting
-
Chapter 12 - System Troubleshooting
-
Chapter 13 - Network Troubleshooting
-
Chapter 14 - General Troubleshooting
-
Chapter 15 - Diagnostic Tests
-
Chapter 16 - Disaster Recovery Procedures
-
Chapter 17 - Disk Replacement
-
Appendix A - Recoverable and Nonrecoverable Error Codes
-
Appendix B - System Usage of MGW Keepalive Parameters
-
Glossary
-
Feedback
Table Of Contents
Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)
Internet Protocol Security Connection Down - Security (3)
Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)
Internet Protocol Security Outgoing Security Association Not Found - Security (5)
Secure Session Initiation Protocol Endpoint Validation Failure - Security (6)
Troubleshooting Security Alarms
Internet Protocol Security Connection Down - Security (3)
Security Troubleshooting
Revised: July 22, 2009, OL-8000-32Introduction
This chapter provides the information needed to monitor and troubleshoot Security events and alarms. This chapter is divided into the following sections:
•
Security Events and Alarms - Provides a brief overview of each Security event and alarm.
•
•
Security Events and Alarms
This section provides a brief overview of the Security events and alarms for the Cisco BTS 10200 Softswitch in numerical order. Table 9-1 lists all of the Security events and alarms by severity.
Note
SECURITY (1)
For additional information, refer to the "Test Report - Security (1)" section.
SECURITY (2)
To monitor and correct the cause of the event, refer to the "Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)" section.
SECURITY (3)
To troubleshoot and correct the cause of the alarm, refer to the "Internet Protocol Security Connection Down - Security (3)" section.
Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
SECURITY (4)
To monitor and correct the cause of the event, refer to the "Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)" section.
SECURITY (5)
To monitor and correct the cause of the event, refer to the "Internet Protocol Security Outgoing Security Association Not Found - Security (5)" section.
SECURITY (6)
To monitor and correct the cause of the event, refer to the "Secure Session Initiation Protocol Endpoint Validation Failure - Security (6)" section.
Monitoring Security Events
This section provides the information needed to monitor and correct Security events. Table 9-2 lists all Security events in numerical order and provides cross reference to each subsection in this section.
Table 9-2 Cisco BTS 10200 Softswitch Security Events
SECURITY(1)
INFO
SECURITY(2)
Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)
WARNING
SECURITY(3)
MAJOR
SECURITY(4)
Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)
WARNING
SECURITY(5)
Internet Protocol Security Outgoing Security Association Not Found - Security (5)
WARNING
SECURITY(6)
Secure Session Initiation Protocol Endpoint Validation Failure - Security (6)
WARNING
Test Report - Security (1)
The Test Report event is for testing the security event category. The event is informational and no further action is required.
Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)
The Invalid Credentials Presented by a Session Initiation Protocol Phone event serves as a warning that credentials in a SIP request are not valid. To correct the cause of the event, ensure that password provisioned on the SIP phone matches the value provisioned in the Cisco BTS 10200 Softswitch.
Internet Protocol Security Connection Down - Security (3)
The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. To troubleshoot and correct the cause of the Internet Protocol Security Connection Down alarm, refer to the "Internet Protocol Security Connection Down - Security (3)" section.
Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)
The Internet Protocol Security Media Terminal Adapter Key Establish Error event serves as a warning that the IPSEC MTA key establishment failed. The primary cause of the event is that a failure to establish the IPSEC keys to a given MTA using Kerberized key management protocol occurred. To correct the primary cause of the event, validate Kerberos provisioning and MTA device provisioning.
Internet Protocol Security Outgoing Security Association Not Found - Security (5)
The Internet Protocol Security Outgoing Security Association Not Found event serves as a warning that the KMS is unable to find a provisioned device to establish the needed SA. To correct the primary cause of the event, remove or modify the security policy which caused the `SA not found' error.
Secure Session Initiation Protocol Endpoint Validation Failure - Security (6)
The Secure Session Initiation Protocol Endpoint Validation Failure event serves as a warning that a secure SIP endpoint validation failed. The primary cause of the event is that the Cisco BTS 10200 Softswitch is incorrectly provisioned. To correct the primary cause of the event, check if correct value of secure-fqdn is provisioned in the Cisco BTS 10200 Softswitch system. The secondary cause of the event is that the DNS is incorrectly provisioned. To correct the secondary cause of the event, verify resolution of secure-fqdn in the DNS. The ternary cause of the event is that the CPE is incorrectly provisioned. To correct the ternary cause of the event, verify the CPE provisioning to ensure that the correct source IP/contact being used.
Troubleshooting Security Alarms
This section provides the information needed to monitor and correct Security alarms. Table 9-3 lists all Security alarms in numerical order and provides cross reference to each subsection in this section.
Table 9-3 Cisco BTS 10200 Softswitch Security Alarms
SECURITY(3)
MAJOR
Internet Protocol Security Connection Down - Security (3)
The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. The primary cause of the alarm is that the KMS has failed to establish the pf_key socket with the IPSEC engine. The alarm implies that the IPSEC engine is not running and that it may not be installed. To primary cause of the alarm, verify that IPSEC is installed and running in the kernel and reboot the platform. If problem persists or is recurrent, contact Cisco TAC. Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
