Security Troubleshooting
Introduction
This chapter provides the information needed for monitoring and troubleshooting security events and alarms. This chapter is divided into the following sections:
• Security Events and Alarms—Provides a brief overview of each security event and alarm
• Monitoring Security Events—Provides the information needed for monitoring and correcting the security events
• Troubleshooting Security Alarms—Provides the information needed for troubleshooting and correcting the security alarms
Security Events and Alarms
This section provides a brief overview of the security events and alarms for the Cisco BTS 10200 Softswitch; the events and alarms are arranged in numerical order. Table 9-1 lists all of the security events and alarms by severity.
Note Refer to the "Obtaining Documentation and Submitting a Service Request" section on page l for detailed instructions on contacting Cisco TAC and opening a service request.
Note Click the Security message number in Table 9-1 to display information about the event or alarm.
Security (1)
Table 9-2 lists the details of the Security (1) informational event. For additional information, refer to the "Test Report—Security (1)" section.
Field | Value |
---|---|
Description | Test Report |
Severity | Information |
Threshold | 100 |
Throttle | 0 |
Security (2)
Table 9-3 lists the details of the Security (2) warning event. To monitor and correct the cause of the event, refer to the "Invalid Credentials Presented by a Session Initiation Protocol Phone—Security (2)" section.
Security (3)
Table 9-4 lists the details of the Security (3) major alarm. To troubleshoot and correct the cause of the alarm, refer to the "Internet Protocol Security Connection Down—Security (3)" section.
Security (4)
Table 9-5 lists the details of the Security (4) warning event. To monitor and correct the cause of the event, refer to the "Internet Protocol Security Media Terminal Adapter Key Establish Error—Security (4)" section.
Security (5)
Table 9-6 lists the details of the Security (5) warning event. To monitor and correct the cause of the event, refer to the "Internet Protocol Security Outgoing Security Association Not Found—Security (5)" section.
Security (6)
Table 9-7 lists the details of the Security (6) warning event. To monitor and correct the cause of the event, refer to the "Secure Session Initiation Protocol Endpoint Validation Failure—Security (6)" section.
Security (7)
Table 9-8 lists the details of the Security (7) warning event. To monitor and correct the cause of the event, refer to the "Authentication Based On Credentials Failed—Security (7)" section.
Monitoring Security Events
This section provides the information you need for monitoring and correcting security events. Table 9-9 lists all of the security events in numerical order and provides cross-references to each subsection.
Note Refer to the "Obtaining Documentation and Submitting a Service Request" section on page l for detailed instructions on contacting Cisco TAC and opening a service request.
Event | Subsection | Severity |
---|---|---|
Security (1) | Test Report—Security (1) | Information |
Security (2) | Invalid Credentials Presented by a Session Initiation Protocol Phone—Security (2) | Warning |
Security (3) | Internet Protocol Security Connection Down—Security (3) | Major |
Security (4) | Internet Protocol Security Media Terminal Adapter Key Establish Error—Security (4) | Warning |
Security (5) | Internet Protocol Security Outgoing Security Association Not Found—Security (5) | Warning |
Security (6) | Secure Session Initiation Protocol Endpoint Validation Failure—Security (6) | Warning |
Security (7) | Authentication Based On Credentials Failed—Security (7) | Warning |
Test Report—Security (1)
The Test Report event is for testing the security event category. The event is informational and no further action is required.
Invalid Credentials Presented by a Session Initiation Protocol Phone—Security (2)
The Invalid Credentials Presented by a Session Initiation Protocol Phone event serves as a warning that credentials in a SIP request are not valid. To correct the cause of the event, ensure that the password provisioned on the SIP phone matches the value provisioned in the Cisco BTS 10200.
Internet Protocol Security Connection Down—Security (3)
The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. To troubleshoot and correct the cause of the Internet Protocol Security Connection Down alarm, refer to the "Internet Protocol Security Connection Down—Security (3)" section.
Internet Protocol Security Media Terminal Adapter Key Establish Error—Security (4)
The Internet Protocol Security Media Terminal Adapter Key Establish Error event serves as a warning that the IPSEC MTA key establishment failed. The primary cause of the event is a failure to establish the IPSEC keys to a given MTA using the Kerberized key management protocol. To correct the primary cause of the event, validate Kerberos provisioning and MTA device provisioning.
Internet Protocol Security Outgoing Security Association Not Found—Security (5)
The Internet Protocol Security Outgoing Security Association Not Found event serves as a warning that the KMS is unable to find a provisioned device to establish the needed SA. To correct the primary cause of the event, remove or modify the security policy that caused the 'SA not found' error.
Secure Session Initiation Protocol Endpoint Validation Failure—Security (6)
The Secure Session Initiation Protocol Endpoint Validation Failure event serves as a warning that a secure SIP endpoint validation failed. The primary cause of the event is that the Cisco BTS 10200 is incorrectly provisioned. To correct the primary cause of the event, check that the correct value of secure-fqdn is provisioned in the Cisco BTS 10200 system. The secondary cause of the event is that the DNS is incorrectly provisioned. To correct the secondary cause of the event, verify resolution of secure-fqdn in the DNS. The tertiary cause of the event is that the CPE is incorrectly provisioned. To correct the tertiary cause of the event, verify the CPE provisioning to ensure that the correct source IP/contact is being used.
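An added example, not taken from the Cisco documentation: a triage helper that walks the three Security (6) causes in the order listed above. It assumes that endpoint validation compares the source IP of the SIP request with the addresses the provisioned secure-fqdn resolves to; the function names, result labels, and sample hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket


def resolve(fqdn):
    """Resolve fqdn with the system resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(fqdn, None)
    except socket.gaierror:
        return set()
    # Strip any IPv6 scope id ("%eth0") before parsing the address.
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def norm(fqdn):
    """Compare names case-insensitively and without a trailing dot."""
    return (fqdn or "").strip().rstrip(".").lower()


def triage_security6(expected_fqdn, provisioned_fqdn, source_ip, resolver=resolve):
    """Return which cause to investigate (labels are hypothetical).

    expected_fqdn:    name the endpoint should have (from your records)
    provisioned_fqdn: secure-fqdn value read from the BTS 10200
    source_ip:        source address of the failing SIP request
    """
    name = norm(provisioned_fqdn)
    if not name or name != norm(expected_fqdn):
        return "bts-provisioning"      # primary cause
    addrs = resolver(name)
    if not addrs:
        return "dns"                   # secondary cause
    if ipaddress.ip_address(source_ip) not in addrs:
        return "cpe"                   # tertiary cause
    return "ok"


# Constructed sample data (documentation address range), so this runs offline.
SAMPLE_DNS = {"phone1.example.com": {ipaddress.ip_address("192.0.2.10")}}


def sample_resolver(fqdn):
    return SAMPLE_DNS.get(fqdn, set())


if __name__ == "__main__":
    for args in [("phone1.example.com", "phone1.example.com", "192.0.2.10"),
                 ("phone1.example.com", "phone1.example.com", "192.0.2.99")]:
        print(args, "->", triage_security6(*args, resolver=sample_resolver))
```

Omit the `resolver` argument to query the DNS servers the host is configured with instead of the constructed table.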
Authentication Based On Credentials Failed—Security (7)
The Authentication Based On Credentials Failed event serves as a warning that an authentication based on username and password credentials failed. The primary cause of the event is that the associated trunk group provided invalid credentials. To correct the primary cause of the event, correct the provisioning of the username and password credentials at the trunk group.
Troubleshooting Security Alarms
This section provides the information you need for monitoring and correcting security alarms. Table 9-10 lists all of the security alarms in numerical order and provides cross-references to each subsection.
Note Refer to the "Obtaining Documentation and Submitting a Service Request" section on page l for detailed instructions on contacting Cisco TAC and opening a service request.
Alarm | Subsection | Severity |
---|---|---|
Security (3) | Internet Protocol Security Connection Down—Security (3) | Major |
Internet Protocol Security Connection Down—Security (3)
The Internet Protocol Security Connection Down alarm (major) indicates that the IP security engine is not running. The primary cause of the alarm is that the KMS has failed to establish the pf_key socket with the IPSEC engine. The alarm implies that the IPSEC engine is not running and that it may not be installed. To correct the primary cause of the alarm, verify that IPSEC is installed and running in the kernel and reboot the platform. If the problem persists or is recurrent, contact Cisco TAC.