- Overview
- Using Troubleshooting Tools
- Troubleshooting Installation Issues
- Troubleshooting Licensing Issues
- Troubleshooting Module Issues
- Troubleshooting Policy Engine Issues
- Troubleshooting High Availability Issues
- Troubleshooting System Issues
- Troubleshooting Cisco VSG Flow Issues on KVM VEM Module
- Before Contacting Technical Support
Troubleshooting Cisco VSG Flow Issues on KVM VEM Module
This chapter describes how to troubleshoot Cisco Virtual Security Gateway (VSG) flow issues on KVM VEM module.
Understanding KLM Flow Messages
The Cisco vPath support on KVM is limited to a VSG type service node. The flows are offloaded to the KLM when the VSG decides to offload a PERMIT or DENY action to the VEM. When offloaded, KLM flows with following actions are created: vpath_permit, vpath_permit_tcp, and vpath_deny. Table 9-1 lists the messages generated:
Troubleshooting TCP State Connection Objects
When TCP permit flows are offloaded to the KLM, connection objects are programmed in the KLM to facilitate TCP state verification, which is performed as part of the vpath_permit_tcp action.You can use the vem cmd show klm vpath command to list statistics related to TCP state connection objects:
num_conns: Indicates the number of connection objects currently programmed in the KLM.
Note The remaining stats indicate the number of times operations have been performed to add, delete, fetch, and set connection objects in the KLM.