Learning and implementing effective troubleshooting techniques is essential to protect your network. Cisco Network Security Troubleshooting Handbook prepares you to systematically troubleshoot your network's security devices and presents step-by-step procedures for tackling issues that arise so that you can protect your network and avoid costly downtime for your enterprise.
Goals and Methods
Cisco.com documentation, along with other texts on Cisco network security devices, is invaluable in providing information that is required in understanding different products. Unfortunately, this information is scattered in different places and different texts. My motivation in writing this book is to give you the technique and approach that I and other TAC engineers use to troubleshoot an issue on different Cisco network security devices. The book brings all the tools and techniques scattered around different places in Cisco.com into a centralized location, which not only will help readers to quickly identify the tools and commands required to diagnose a problem, but will help in escalating the issue to the Cisco Support team in a timely manner, with all the required information to resolve the issue faster.
Every chapter of this text will help you understand the configuration and troubleshooting of Cisco network security products on the following topics:
Overview of every product
Diagnostic tools and commands available
Categorization of the problem areas of every product
Common problems and resolutions
Who Should Read This Book?
This book is not designed to be a general security design or configuration topics book, although it can be used for that purpose. This book is intended to tremendously increase your ability to troubleshoot Cisco network security products efficiently. You can also use this book for preparing for the CCIE Security exam, but that's not the ultimate intention. The main purpose of this book is to provide a one-stop, comprehensive troubleshooting solution for Cisco network security products deployed in the enterprise network.
Strategies for Becoming an Efficient Troubleshooter
There are several ways that you can develop the skills required to be an efficient Cisco network security troubleshooter. Some people take a systematic approach, trying to understand the products in greater depth and then troubleshooting the issue efficiently, while others learn on the job without in-depth understanding of the product. This book can be used in both ways.
How This Book Is Organized
Although this book could be read cover-to-cover, it is designed to be flexible and allow you to move easily between chapters, and sections of chapters, to cover just the material that you need more work with.
The chapters cover the following topics:
Chapter 1, "Troubleshooting Methods" This chapter discusses the troubleshooting techniques for Cisco network security and some of the challenges that need to be overcome for troubleshooting problems efficiently.
Chapter 2, "Understanding Troubleshooting Tools" This chapter discusses some of the basic tools available to determine the facts of the problem. More product-specific tools and commands are discussed in the product-specific chapter.
Chapter 3, "Troubleshooting Cisco Secure PIX Firewalls" This chapter discusses the new features available on PIX Firewall Version 7.0 and ASA platform. In-depth troubleshooting tips and techniques are discussed thoroughly in this chapter. This chapter provides the foundation knowledge required to understand Chapters 4 and 5.
Chapter 4, "Troubleshooting Firewall Services Module" Firewall Services Module provides the same functionality as PIX Firewall with a complex architecture. This chapter doesn't repeat the information discussed in Chapter 3, but discusses the configuration and troubleshooting of the issues that are specific to FWSM.
Chapter 5, "Troubleshooting an IOS Firewall" This chapter examines the configuration and troubleshooting of CBAC, one of the IOS firewalls, in detail. Auth-proxy is discussed in the case study section of this chapter.
Chapter 6, "Troubleshooting IPSec VPNs on IOS Routers" This chapter provides a brief overview of the IPSec protocol, which is the foundation information required for Chapters 7 and 8. Configuration and troubleshooting aspects are examined in greater depth for both LAN-to-LAN and Remote Access VPN connections using the IPSec protocol only. DMVPN, an extension of the LAN-to-LAN IPSec VPN tunnel, is discussed in this chapter in greater detail.
Chapter 7, "Troubleshooting IPSec VPN on PIX Firewalls" This chapter covers configuration and troubleshooting of IPSec VPN on the PIX Firewalls/ASA platform.
Chapter 8, "Troubleshooting IPSec VPNs on VPN 3000 Series Concentrators" This chapter covers configuration and troubleshooting of both LAN-to-LAN and Remote Access VPN connections using the IPSec protocol on VPN 3000 Series Concentrators. Web VPN and SSL VPN are discussed in greater detail in this chapter.
Chapter 9, "Troubleshooting AAA on IOS Routers" AAA and the protocols that implement AAA framework are discussed in this chapter, which is the foundation knowledge required for Chapters 10, 11, and 12. Specific AAA implementation and troubleshooting of the RADIUS and TACACS+ protocols are discussed in greater detail.
Chapter 10, "Troubleshooting AAA on PIX Firewalls and FWSM" Based on the knowledge gained from Chapter 9, this chapter explores configuration and troubleshooting issues in AAA implementation for PIX management and cut-through proxy authentication (for the traffic through the PIX firewall). This discussion is based on PIX Firewall Version 7.0.
Chapter 11, "Troubleshooting AAA on the Switches" Configuration and troubleshooting of AAA implementation for both Switch management and Identity-based Network Services (IBNS) are discussed in greater detail.
Chapter 12, "Troubleshooting AAA on VPN 3000 Series Concentrator" AAA can be used for both VPN 3000 Series Concentrator management and VPN connections. Both of these options are discussed in detail in this chapter.
Chapter 13, "Troubleshooting Cisco Secure ACS on Windows" This chapter discusses the configuration and troubleshooting of Cisco Secure ACS on Windows. The same information can also be used for the ACS Appliance.
Chapter 14, "Troubleshooting Cisco Intrusion Prevention System" This chapter discusses the configuration and troubleshooting of IPS version 5.0 on the IPS Appliance. This chapter also builds up the foundation for Chapters 15 and 16.
Chapter 15, "Troubleshooting IDSM-2 Blade on Switch" IDSM-2 runs the same software as the appliance that is discussed in Chapter 14, so the same information is not repeated in this chapter. IPS issues specific to the IDSM-2 blade are discussed in this chapter.
Chapter 16, "Troubleshooting Cisco IDS network module (NM-CIDS)" NM-CIDS is an IPS blade that runs on the router, which is discussed thoroughly in this chapter. The IPS feature is discussed in Chapter 14.
Chapter 17, "Troubleshooting Common Services" Common Services is a component of the VMS bundle that installs other reporting and management components, such as Firewall MC, Router MC, Security Monitor, and so on. Troubleshooting of Common Services is discussed thoroughly in this chapter.
Chapter 18, "Troubleshooting IDM and IDS/IPS Management Console (IDS/IPS MC)" This chapter discusses the configuration and troubleshooting of IDM and IPS Console (IPS MC), which is part of VMS to manage sensors.
Chapter 19, "Troubleshooting Firewall MC" This chapter discusses the configuration and troubleshooting of Firewall MC, which is a component of VMS to manage the PIX firewall, FWSM, and ASA 5500 series appliances.
Chapter 20, "Troubleshooting Router MC" This chapter discusses the configuration and troubleshooting of Router MC, which is used to manage VPN configuration on the router.
Chapter 21, "Troubleshooting Cisco Security Agent Management Console (CSA MC) and CSA Agent" This chapter discusses configuration and troubleshooting of the host-based IPS solution, which is used to protect the hosts from malicious activities.
Chapter 22, "Troubleshooting IEV and Security Monitors" The primary focus of this chapter is to discuss the configuration and troubleshooting of Security Monitor, which is a component of VMS that can be used to receive events from Firewall, CSA, IPS sensors, and so on. Based on the events received, user-friendly reports can be generated using different criteria. This chapter focuses on some of the issues that may arise during run time.