Troubleshooting Guide
Chapter 9 - Security Troubleshooting

Security Troubleshooting


Revised: October 23, 2008, OL-11335-06

Introduction

This chapter provides the information needed to monitor and troubleshoot Security events and alarms. This chapter is divided into the following sections:

Security Events and Alarms - Provides a brief overview of each Security event and alarm.

Monitoring Security Events - Provides the information needed to monitor and correct Security events.

Troubleshooting Security Alarms - Provides the information needed to troubleshoot and correct Security alarms.

Security Events and Alarms

This section provides a brief overview of the Security events and alarms for the Cisco BTS 10200 Softswitch in numerical order. Table 9-1 lists all of the Security events and alarms by severity.




Table 9-1 Security Events and Alarms by Severity

CRITICAL: (none)
MAJOR: SECURITY (3)
MINOR: (none)
WARNING: SECURITY (2), SECURITY (4), SECURITY (5)
INFO: SECURITY (1)

SECURITY (1)

For additional information, refer to the "Test Report - Security (1)" section.

DESCRIPTION: Test Report
SEVERITY: Information (INFO)
THRESHOLD: 100
THROTTLE: 0


SECURITY (2)

To monitor and correct the cause of the event, refer to the "Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)" section.

DESCRIPTION: Invalid Credentials Presented by a Session Initiation Protocol Phone (Invalid Credentials Presented by a SIP Phone)
SEVERITY: WARNING
THRESHOLD: 100
THROTTLE: 0
DATAWORDS:
Authentication User Name - STRING [33]
From AOR - STRING [65]
SIP Request Type - STRING [15]
Sender IP - STRING [20]
PRIMARY CAUSE: Invalid credentials in Session Initiation Protocol (SIP) request.
PRIMARY ACTION: Ensure password on SIP phone matches value provisioned in Cisco BTS 10200 Softswitch.


SECURITY (3)

To troubleshoot and correct the cause of the alarm, refer to the "Internet Protocol Security Connection Down - Security (3)" section.

DESCRIPTION: Internet Protocol Security Connection Down (IPSEC Connection Down)
SEVERITY: MAJOR
THRESHOLD: 100
THROTTLE: 0
PRIMARY CAUSE: Kerberized management server (KMS) fails to establish the pf_key socket with the Internet Protocol security (IPSEC) engine. Implies that the IPSEC engine is not running and that it may not be installed.
PRIMARY ACTION:
1. Verify that IPSEC is installed and running in the kernel.
2. Reboot.
3. If the problem persists, contact the Cisco Technical Assistance Center (TAC).


Refer to the "Obtaining Technical Assistance" section on page xxxviii for detailed instructions on contacting Cisco TAC and opening a service request.

SECURITY (4)

To monitor and correct the cause of the event, refer to the "Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)" section.

DESCRIPTION: Internet Protocol Security Media Terminal Adapter Key Establish Error (IPSEC MTA Key Establish Error)
SEVERITY: WARNING
THRESHOLD: 100
THROTTLE: 0
PRIMARY CAUSE: Failure to establish the IPSEC keys to a given media terminal adapter (MTA) using Kerberized key management protocol.
PRIMARY ACTION: Validate Kerberos and MTA device provisioning.


SECURITY (5)

To monitor and correct the cause of the event, refer to the "Internet Protocol Security Outgoing Security Association Not Found - Security (5)" section.

DESCRIPTION: Internet Protocol Security Outgoing Security Association Not Found (IPSEC Outgoing SA Not Found)
SEVERITY: WARNING
THRESHOLD: 100
THROTTLE: 0
PRIMARY CAUSE: KMS receives SA-missing messages from the IPSEC engine and is unable to find a provisioned device to establish the needed security association (SA).
PRIMARY ACTION: Remove or modify the security policy which caused the "SA not found" error. Assumes that security is provisioned.


Monitoring Security Events

This section provides the information needed to monitor and correct Security events. Table 9-2 lists all Security events in numerical order and provides a cross-reference to each subsection in this section.


Test Report - Security (1)

The Test Report event is for testing the security event category. The event is informational and no further action is required.

Invalid Credentials Presented by a Session Initiation Protocol Phone - Security (2)

The Invalid Credentials Presented by a Session Initiation Protocol Phone event serves as a warning that credentials in a SIP request are not valid. To correct the cause of the event, ensure that the password provisioned on the SIP phone matches the value provisioned in the Cisco BTS 10200 Softswitch.
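An added example, not part of the Cisco documentation: a Python triage of SECURITY (2) events that uses the datawords listed for the event to separate one phone repeating one user name (the password mismatch described above) from one address presenting several user names. The record layout, the sample events, and the min_events value are constructed assumptions, not BTS 10200 output or settings.

```python
from collections import defaultdict

# Dataword names and STRING sizes as listed for SECURITY (2) on this page.
# Treating the bracketed size as a maximum length is an assumption.
DATAWORDS = {"Authentication User Name": 33, "From AOR": 65,
             "SIP Request Type": 15, "Sender IP": 20}

def validate(event):
    """Return a list of problems found in one event's datawords."""
    problems = []
    for name, size in DATAWORDS.items():
        value = event.get(name)
        if not value:
            problems.append(f"missing {name}")
        elif len(value) > size:
            problems.append(f"{name} exceeds {size} characters")
    return problems

def triage(events, min_events=3):
    """Label each Sender IP; min_events is a hypothetical tuning value."""
    users, counts = defaultdict(set), defaultdict(int)
    for ev in events:
        if validate(ev):          # skip malformed records
            continue
        users[ev["Sender IP"]].add(ev["Authentication User Name"])
        counts[ev["Sender IP"]] += 1
    result = {}
    for ip, n in counts.items():
        if n < min_events:
            label = "isolated"
        elif len(users[ip]) == 1:
            label = "check-provisioned-password"   # the page's PRIMARY ACTION
        else:
            label = "review-source"   # several user names from one address
        result[ip] = (label, n, len(users[ip]))
    return result

def make_event(user, ip, request="REGISTER"):
    """Build a constructed sample record (not real BTS 10200 output)."""
    return {"Authentication User Name": user, "From AOR": f"sip:{user}@example.com",
            "SIP Request Type": request, "Sender IP": ip}

SAMPLE = ([make_event("alice", "192.0.2.10")] * 3
          + [make_event(u, "198.51.100.7") for u in ("u1001", "u1002", "u1003")]
          + [make_event("bob", "192.0.2.44", "INVITE")])

if __name__ == "__main__":
    for ip, (label, n, n_users) in sorted(triage(SAMPLE).items()):
        print(f"{ip:15} events={n} users={n_users} -> {label}")
```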

Internet Protocol Security Connection Down - Security (3)

The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. To troubleshoot and correct the cause of the Internet Protocol Security Connection Down alarm, refer to the "Internet Protocol Security Connection Down - Security (3)" section.

Internet Protocol Security Media Terminal Adapter Key Establish Error - Security (4)

The Internet Protocol Security Media Terminal Adapter Key Establish Error event serves as a warning that the IPSEC MTA key establishment failed. The primary cause of the event is a failure to establish the IPSEC keys to a given MTA using the Kerberized key management protocol. To correct the primary cause of the event, validate Kerberos provisioning and MTA device provisioning.

Internet Protocol Security Outgoing Security Association Not Found - Security (5)

The Internet Protocol Security Outgoing Security Association Not Found event serves as a warning that the KMS is unable to find a provisioned device to establish the needed SA. To correct the primary cause of the event, remove or modify the security policy which caused the "SA not found" error.

Troubleshooting Security Alarms

This section provides the information needed to monitor and correct Security alarms. Table 9-3 lists all Security alarms in numerical order and provides a cross-reference to each subsection in this section.

Table 9-3 Cisco BTS 10200 Softswitch Security Alarms

Alarm Type: SECURITY(3)
Alarm Name: Internet Protocol Security Connection Down - Security (3)
Alarm Severity: MAJOR


Internet Protocol Security Connection Down - Security (3)

The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. The primary cause of the alarm is that the KMS has failed to establish the pf_key socket with the IPSEC engine. The alarm implies that the IPSEC engine is not running and that it may not be installed. To correct the primary cause of the alarm, verify that IPSEC is installed and running in the kernel and reboot the platform. If the problem persists or is recurrent, contact Cisco TAC. Refer to the "Obtaining Technical Assistance" section on page xxxviii for detailed instructions on contacting Cisco TAC and opening a service request.