|
This appendix describes files for troubleshooting the VPN 3002, LED indicators on the system, and common errors that may occur while configuring and using the system, and how to correct them.
The VPN 3002 Hardware Client creates several files that you can examine and that can assist Cisco support engineers, when troubleshooting errors and problems:
SAVELOG.TXT
= Event log that is automatically saved when the system crashes and when it is rebooted.CRSHDUMP.TXT
= Internal system data file that is written when the system crashes.CONFIG
= Normal configuration file used to boot the system.CONFIG.BAK
= Backup configuration file.The VPN 3002 records system events in the event log, which is stored in nonvolatile memory (NVRAM). To troubleshoot operational problems, we recommend that you start by examining the event log. To view the event log, see Administration | File Management | View, and click View Saved Log File. To configure events, and to choose the events you want to view, see Configuration | System | Events and Monitoring | Filterable Event Log.
The VPN 3002 automatically saves the event log to a file in flash memory if it crashes, and when it is rebooted. This log file is named SAVELOG.TXT
, and it overwrites any existing file with that name. The SAVELOG.TXT
file is useful for debugging. To view SAVELOG.TXT
, see Administration | File Management | View, and click View Saved Log File.
If the VPN 3002 crashes during operation, it saves internal system data in nonvolatile memory (NVRAM), and then automatically writes this data to a CRSHDUMP.TXT
file in flash memory when it is rebooted. This file contains the crash date and time, software version, tasks, stack, registers, memory, buffers, timers, etc., which help Cisco support engineers diagnose the problem. In case of a crash, we ask that you send this file when you contact Cisco for assistance. to view the CRSHDUMP.TXT
file,
see Administration | File Management | View, and click View Saved Log Crash Dump File.
The VPN 3002 saves the current boot configuration file (CONFIG
) and its predecessor (CONFIG.BAK
) as files in flash memory. These files may be useful for troubleshooting. See Administration | File Management for information on managing files in flash memory.
LED indicators on the VPN 3002 are normally green or flashing amber. LEDs that are solid amber or off may indicate an error condition.
Contact Cisco support if any LED indicates an error condition.
The LEDs on the front of the VPN 3002 are:.
LEDs on front of unit | ||
---|---|---|
LED | State | Explanation |
PWR | green | Unit is on and has power. |
| off | Unit is powered off. |
SYS | flashing amber | Unit is performing diagnostics. |
| solid amber | Unit has failed diagnostics. |
| green | Unit is operational. |
VPN | off | No VPN tunnel exists. |
| amber | Tunnel has failed. |
| green | Tunnel is established. |
The LEDs on the rear of the VPN 3002 indicate the status of the Private and Public Interfaces.
LED Indicator (Rear) | Explanation |
Green | Interface is connected to the network. |
OFF | Interface is not connected to the network. |
Flashing amber | Traffic is traveling across the interface. |
If you have configured the VPN 3002, and you are unable to connect to or pass data to the central-site Concentrator, use this section to analyze the problem. Also, use the next section of this Appendix to check the settings on the Concentrator to which this VPN 3002 connects.
Problem/symptom | Possible solution |
---|---|
Tunnel is not up/not passing data. |
|
| Make sure that the power cable is plugged into the VPN
3002 and a power outlet.
|
| Unit has failed diagnostics. Contact Cisco Support
immediately.
|
| 1. Verify that the VPN 3000 Series Concentrator to which this VPN 3002 connects is running version 3.0 software. 2. Navigate to Monitoring > System Status. Click Connect Now. |
| 1. Check that a LAN cable is properly attached to the Public interface of the VPN 3002. 2. Make sure the IP address for the Public interface is properly configured. |
| 1. Make sure the default gateway is properly configured. 2. Contact your ISP. |
|
1. Make sure the IPSec parameters are properly configured. Verify: 2. Make sure the Group and User names and passwords match those set for this VPN 3002 on the central-site Concentrator. 3. After you make any changes, navigate to Monitoring > System Status and click Connect Now. 4. Study the event log files. To capture more events, and to interpret events, see Chapter 9, Events, in the VPN 3002 Hardware Client User Guide. |
My PC can't communicate with the remote network. | 1. Verify that the VPN 3000 Series Concentrator to which this VPN 3002 connects is running version 3.0 software. 2. Navigate to Monitoring > System Status and click Connect Now. |
Connect Now worked. |
|
| Make sure that a LAN cable is properly attached to the Private interface of the VPN 3002 and the PC. |
| 1. Is this PC configured as a DHCP client? If so, verify that the DHCP server on the VPN 3002 is enabled. 2. With any method of address assignment, verify that the PC got an IP address and subnet mask. |
| 1. Make sure your PC has an appropriate IP address, reachable on this network. 2. Contact your network administrator. |
If your VPN 3002 experiences connectivity problems, check the configuration of the VPN 3000 Series Concentrator.
1. Configure the connection as a Client, NOT LAN-to-LAN.
2. Assign this VPN 3002 to a group. Configure Group and User names and passwords. These must match the Group and User names and passwords that you set on the VPN 3002. See Chapter 14, User Management, in the VPN 3000 Concentrator Series User Guide.
3. If the VPN 3002 uses PAT mode, enable a method of address assignment for the VPN 3002: DHCP, address pools, per user, or client specified. See Chapter 6, Address Management in the VPN 3000 Concentrator Series User Guide.
4. If you are using Network Extension mode, configure a default gateway or a static route to the Private network of the VPN 3002. See Chapter 8, IP Routing, in the VPN 3000 Concentrator Series User Guide.
5. Check the Event log. See Chapter 10, Events, in the VPN 3000 Concentrator Series User Guide.
These errors may occur while using the HTML-based VPN 3002 Hardware Client Manager with a browser.
Problem | Possible cause | Solution |
---|---|---|
You clicked the Refresh or Reload button on the browser's navigation toolbar, and the Manager logged out. The main login screen appears. | To protect access security, clicking Refresh / Reload on the browser's toolbar automatically logs out the Manager session. | Do not use the browser's navigation toolbar buttons with the VPN 3002 Hardware Client Manager. Use only the Manager's Refresh button where it appears on a screen. We recommend that you hide the browser's navigation toolbar to prevent mistakes. |
Problem | Possible cause | Solution |
---|---|---|
You clicked the Back or Forward button on the browser's navigation toolbar, and the Manager displayed the wrong screen or incorrect data. | To protect security and the integrity of data entries, clicking Back or Forward on the browser's toolbar deletes pointers and values within the Manager. | Do not use the browser's navigation toolbar buttons with the VPN 3002 Hardware Client Manager. Navigate using the location bar at the top of the Manager window, the table of contents in the left frame, or links on Manager screens. We recommend that you hide the browser's navigation toolbar to prevent mistakes. |
The Manager displays the Invalid Login or Session Timeout screen
Problem | Possible cause | Solution |
---|---|---|
You entered an invalid administrator login name/password combination. |
| Re-enter the login name and password, and click Login. Use a valid login name and password. Verify your typing before clicking Login. |
The Manager session has been idle longer than the configured timeout interval. |
| On the Administration | Access Rights | Access Settings screen, change the Session Timeout interval to a larger value and click Apply. |
The Manager displays a screen with the message: Error / An error has occurred while attempting to perform the operation. An additional error message describes the erroneous operation.
Problem | Possible cause | Solution |
---|---|---|
You tried to perform some operation that is not allowed. | The screen displays a message that describes the cause. | Click Retry the operation to return to the screen where you were working and correct the mistake. Carefully check all your previous entries on that screen. The Manager attempts to retain valid entries, but invalid entries are lost. Click Go to main menu to go to the main Manager screen. |
The Manager displays a screen with the message: Not Allowed / You do not have sufficient authorization to access the specified page.
Problem | Possible cause | Solution |
---|---|---|
You tried to access an area of the Manager that you do not have authorization to access. |
| Log in using the system administrator login name and password. (Defaults are Log in from a workstation with greater access privileges. Have the system administrator change your privileges on the Administration | Access Rights | Administrators screen. Have the system administrator change the privileges of your workstation on the Administration | Access Rights | Access Control List screen. |
The Manager displays a screen with the message: Not Found/An error has occurred while attempting to access the specified page. The screen includes additional information that identifies system activity and parameters.
Problem | Possible cause | Solution |
---|---|---|
The Manager could not find a screen. |
| Clear the browser's cache: delete its temporary internet files, history files, and location bar references. Then try again. |
|
| Please note the system information on the screen and contact Cisco support personnel for assistance. |
Microsoft Internet Explorer displays a Script Error dialog box that includes the error message: No such interface supported.
Problem | Possible cause | Solution |
---|---|---|
While using a Manager function that opens another browser window (such as Save Needed, Help, Software Update, etc.), Internet Explorer cannot open the window and displays the error dialog box. | A bug in the Internet Explorer JavaScript interpreter. | 1. Click No on the error dialog box. 2. Log out of the Manager. 3. Close Internet Explorer. 4. Reinstall Internet Explorer. |
These errors may occur while using the menu-based Command Line Interface from a console or Telnet session.
Problem | Possible cause | Solution |
---|---|---|
The system expected a valid 4-byte dotted decimal entry, and the entry wasn't in that format. |
| At the prompt, re-enter a valid 4-byte dotted decimal number. |
Problem | Possible cause | Solution |
---|---|---|
The system expected a number within a certain range, and the entry was outside that range. |
| At the prompt, re-enter a number in the appropriate range. |
Problem | Possible cause | Solution |
---|---|---|
The entry for a password and the entry to verify the password do not match. |
| At the |
Posted: Tue Nov 19 15:18:05 PST 2002
Copyright 1989-2000©Cisco Systems Inc.