Troubleshooting and System Errors

PWR

Green

Unit is on and has power.

Off

Unit is powered off.

SYS

Flashing amber

Unit is performing diagnostics.

Solid amber

Unit has failed diagnostics.

Flashing green

Unit is negotiating DHCP or PPPoE.

Green

Unit is operational.

VPN

Off

No VPN tunnel exists.

Amber

Tunnel has failed.

Green

Tunnel is established.

Green

Interface is connected to the network.

OFF

Interface is not connected to the network.

Flashing amber

Traffic is traveling across the interface.

Tunnel is not up or not passing data.

PWR LED is off.

Make sure that the power cable is plugged into the VPN 3002 and a power outlet.

SYS LED is solid amber.

Unit has failed diagnostics. Contact Cisco Support immediately.

You see this LED display:

PWR = green
SYS LED = green
VPN LED = off.

1. Verify that the VPN Concentrator to which this VPN 3002 connects is running version 3.0 software.

2. Navigate to Monitoring > System Status. Click on Connect Now.

Connect Now did not bring up the tunnel, and the public interface LED (rear of unit) is off.

1. Check that a LAN cable is properly attached to the public interface of the VPN 3002.

2. Make sure the IP address for the public interface is properly configured.

Public interface LED is on, but attempting to ping the default gateway (Administration > Ping) yields no response.

1. Make sure the default gateway is properly configured.

2. Contact your ISP.

VPN LED is solid amber (tunnel failed to establish to central-site VPN Concentrator).

1. Make sure the IPSec parameters are properly configured. Verify:

• Public IP Address of the IKE peer (central-site VPN Concentrator) is correct.
  
  
• Group name and password are correct.
  
  
• User name and password are correct.
  
  

2. Make sure the group and user names and passwords match those set for the VPN 3002 on the central-site VPN Concentrator.

3. After you make any changes, navigate to Monitoring > System Status and click on Connect Now.

4. Study the event log files. To capture more events, and to interpret events, see Chapter 9, "Events," in the VPN 3002 Hardware Client User Reference.

My PC cannot communicate with the remote network.

1. Verify that the VPN Concentrator to which this VPN 3002 connects is running version 3.0 software.

2. Navigate to Monitoring > System Status and click on Connect Now.

Connect Now worked.

LED(s) for the private interface/switch port are off.

Make sure that a LAN cable is properly attached to the private interface of the VPN 3002 and the PC.

LED(s) for the private interface/switch port are on.

1. Is this PC configured as a DHCP client? If so, verify that the DHCP server on the VPN 3002 is enabled.

2. With any method of address assignment, verify that the PC has an IP address and subnet mask.

Attempting to ping the default gateway (Administration > Ping) yields no response.

1. Make sure your PC has an appropriate IP address, reachable on this network.

2. Contact your network administrator.

You entered an invalid administrator login-name and password combination

• Typing error.
  
  
• Invalid (unrecognized) login name or password.
  
  

• Reenter the login name and password, and click on Login.
  
  
• Use a valid login name and password.
  
  
• Verify your typing before clicking on Login.
  
  

The Manager session has been idle longer than the configured timeout interval. (The default timeout interval is 600 seconds, which equals 10 minutes).

• No activity has occurred for (interval) seconds. The Manager resets the inactivity time only when you click on an action button such as Apply, Add, or Cancel, or a link on a screen that invokes a different screen. Entering values or setting parameters on a given screen does not reset the timer.
  
  
• The timeout interval is set too low for normal use.
  
  

On the Administration | Access Rights | Access Settings screen, change the Session Timeout interval to a larger value and click on Apply.

You clicked on the Refresh or Reload button on the browser navigation toolbar, and the Manager logged out. The main login screen displays.

To protect access security, clicking on Refresh or Reload on the browser toolbar automatically logs out the Manager session.

Do not use the browser navigation toolbar buttons with the VPN 3002 Hardware Client Manager.

Use only the Manager Refresh button where it appears on a screen.

We recommend that you hide the browser navigation toolbar to prevent mistakes.

You clicked on the Back or Forward button on the browser navigation toolbar, and the Manager displayed the wrong screen or incorrect data.

To protect security and the integrity of data entries, clicking on Back or Forward on the browser toolbar deletes pointers and values within the Manager.

Do not use the browser navigation toolbar buttons with the VPN 3002 Hardware Client Manager.

Navigate using the location bar at the top of the Manager window, the table of contents in the left frame, or links on Manager screens.

We recommend that you hide the browser navigation toolbar to prevent mistakes.

You tried to perform some operation that is not allowed.

The screen displays a message that describes the cause.

• Click on Retry the operation to return to the screen where you were working and correct the mistake. Carefully check all your previous entries on that screen. The Manager attempts to retain valid entries, but invalid entries are lost.
  
  
• Click on Go to main menu to go to the main Manager screen.
  
  

You tried to access an area of the Manager that you do not have authorization to access.

• You logged in using an administrator login name that has limited privileges.
  
  
• You logged in from a workstation that has limited access privileges.
  
  

• Log in using the system administrator login name and password. (Defaults are admin / admin.)
  
  
• Log in from a workstation with greater access privileges.
  
  
• Have the system administrator change your privileges on the Administration |
  Access Rights | Administrators screen.
  
  
• Have the system administrator change the privileges of your workstation on the Administration | Access Rights | Access Control List screen.
  
  

The Manager could not find a screen.

• You updated the software image and did not clear the browser's cache.
  
  

Clear the browser's cache: delete its temporary internet files, history files, and location bar references. Then try again.

• There is an internal Manager error.
  
  

Please note the system information on the screen and contact Cisco support personnel for assistance.

While using a Manager function that opens another browser window (such as Save Needed, Help, Software Update, etc.), Internet Explorer cannot open the window and displays the error dialog box.

A bug in the Internet Explorer JavaScript interpreter.

1. Click on No on the error dialog box.

2. Log out of the Manager.

3. Close Internet Explorer.

4. Reinstall Internet Explorer.

ERROR:-- Bad IP Address/Subnet Mask/Wildcard Mask/Area ID

The system expected a valid 4-byte dotted decimal entry, and the entry was not in that format.

• You entered something other than a 4-byte dotted decimal number. You might have omitted a byte position, or entered a number greater than 255 in a byte position.
  
  
• You entered 0.0.0.0 instead of an appropriate address.
  
  

At the prompt, reenter a valid 4-byte dotted decimal number.

ERROR:-- Out of Range value entered. Try again.

The system expected a number within a certain range, and the entry was outside that range.

• You entered a letter instead of a number.
  
  
• You entered a number greater than the possible menu numbers.
  
  

At the prompt, reenter a number in the appropriate range.

ERROR:-- The Passwords do not match. Please try again.

The entry for a password and the entry to verify the password do not match.

• You mistyped an entry.
  
  
• You entered either a password or verify entry, but not the other.
  
  

At the Verify prompt, reenter the password. If the original password is incorrect, press Enter and reenter both the password and the verification at the prompts.