Nortel Networks NN46110-602 Manual do Utilizador

Version 7.00Part No. NN46110-602315900-E Rev 01February 2007Document status: Standard600 Technology Park DriveBillerica, MA 01821-4130Nortel VPN Rout

10 ContentsNN46110-602Appendix BUsing serial PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165Establ

100 Chapter 4 TroubleshootingNN46110-602Authorization failed. Please try again.Description: This error occurs when the wrong authentication credenti

Chapter 4 Troubleshooting 101Nortel VPN Router TroubleshootingAction: To ensure that the most current data is loaded:1 Close the current policy, if

102 Chapter 4 TroubleshootingNN46110-602

103Nortel VPN Router TroubleshootingChapter 5Packet capture Packet capture (PCAP) is a troubleshooting tool that network administrators and customer s

104 Chapter 5 Packet captureNN46110-602PCAP initially occurs to the RAM buffer. A low priority task writes the RAM buffer to disk files, called the

Chapter 5 Packet capture 105Nortel VPN Router Troubleshooting• limit the traffic that the filters capture• automatically start and stop packet captu

106 Chapter 5 Packet captureNN46110-602Capture typesThe VPN Router captures packets from the following sources:• Physical interfaces, including the

Chapter 5 Packet capture 107Nortel VPN Router TroubleshootingTunnel captures saved to disk are encapsulated with raw IP encapsulation. When you conv

108 Chapter 5 Packet captureNN46110-602A global IP capture object captures packets beginning from the IP header; no Layer 2 header is saved in the c

Chapter 5 Packet capture 109Nortel VPN Router Troubleshooting•A start trigger causes the system to wait for a specific packet before it starts savin

Contents 11Nortel VPN Router TroubleshootingIPX client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

110 Chapter 5 Packet captureNN46110-602You can create new capture objects until the maximum block size reaches 25 Mbyte. (The VPN Router does not al

Chapter 5 Packet capture 111Nortel VPN Router Troubleshooting• Delete a capture object or capture files when you no longer need them to free up memo

112 Chapter 5 Packet captureNN46110-6026 Enter the administrator’s user name and password.Please enter the administrator's user name: adminPlea

Chapter 5 Packet capture 113Nortel VPN Router Troubleshooting10 If you want, you can now change the VPN Router administrator password.CES#configure

114 Chapter 5 Packet captureNN46110-602For example, enter:CES(capture-ethernet)#filepath /ideX/system/log Setting the size of the RAM bufferTo set t

Chapter 5 Packet capture 115Nortel VPN Router TroubleshootingFor example, enter:CES(capture-ethernet)#maxfiles 99Saving captured dataTo set the PCAP

116 Chapter 5 Packet captureNN46110-602For example, enter the following command:CES# capture add test1 ? atm ATM interface capture bri

Chapter 5 Packet capture 117Nortel VPN Router TroubleshootingTo configure a capture object:1 Navigate to Capture Configuration mode by entering the

118 Chapter 5 Packet captureNN46110-602Tunnel capture parametersCapture objects for tunnels have several unique parameters. The following example cr

Chapter 5 Packet capture 119Nortel VPN Router TroubleshootingGlobal IP parametersThe configurable parameters for the global IP capture object are th

12 ContentsNN46110-602

120 Chapter 5 Packet captureNN46110-602In the following example, the show capture command is run with no object name to display a list of all the ca

Chapter 5 Packet capture 121Nortel VPN Router TroubleshootingSample packet capture configurationsThis section provides sample configurations and the

122 Chapter 5 Packet captureNN46110-602To view the status of the running capture object, as well as its configuration, use the show capture command.

Chapter 5 Packet capture 123Nortel VPN Router TroubleshootingTo create and use this capture object, you run commands like the ones illustrated in th

124 Chapter 5 Packet captureNN46110-602After Telnet traffic activates the stop trigger, the show capture command resembles the following example. Th

Chapter 5 Packet capture 125Nortel VPN Router Troubleshooting4 Exit Capture Configuration mode.5 Start the capture.CES#capture add test-remote-ip tu

126 Chapter 5 Packet captureNN46110-6023 Click ethereal-setup-n.nn.n.exe.4 Click a download site and save the executable file on your hard drive.5 D

Chapter 5 Packet capture 127Nortel VPN Router Troubleshooting6 Enter the password that you entered when you enabled packet capture (see “Enabling pa

128 Chapter 5 Packet captureNN46110-602T1 frame relay capture:editcap -F ngsniffer d:\pcap\fr.cap frelay.syc5 From Sniffer Pro, open the .enc file o

Chapter 5 Packet capture 129Nortel VPN Router TroubleshootingTo delete a packet capture object:1 Display all configured capture objects on the VPN R

13Nortel VPN Router TroubleshootingFiguresFigure 1 Admin > SNMP Traps window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

130 Chapter 5 Packet captureNN46110-602

131Nortel VPN Router TroubleshootingAppendix AMIB supportThe VPN Router supports the management information base (MIB) for use with network management

132 Appendix A MIB supportNN46110-602RFC 1724—RIP Version 2 MIB ExtensionThe VPN Router supports RFC 1724, RIP Version 2 MIB Extension. As stated in

Appendix A MIB support 133Nortel VPN Router TroubleshootingRFC 2787—VRRP MIBThe VPN Router supports RFC 2787, Definitions of Managed Objects for the

134 Appendix A MIB supportNN46110-602RFC 1573—IanaIfType MIB This MIB contains the enumerations for rfc2233 ifTable.ifType. These enumerations descr

Appendix A MIB support 135Nortel VPN Router Troubleshooting— hrNetworkTable— hrPrinterTable— hrDiskStorageTablehrDiskStorageCapacity— hrPartitionTab

136 Appendix A MIB supportNN46110-602RFC2863 Interface MIB (64 bit counters support)The support for the following entries was added in the interface

Appendix A MIB support 137Nortel VPN Router Troubleshootingcestraps.mib—Nortel proprietary MIBThis section lists the contents of the cestraps.mib, t

138 Appendix A MIB supportNN46110-602-- The second means packets were dropped due to a detected spoofed address-- The third should never happen, but

Appendix A MIB support 139Nortel VPN Router Troubleshootingnewoak.mibThis section provides the contents of the newoak.mib, which defines the newoak

14 FiguresNN46110-602

140 Appendix A MIB supportNN46110-602Hardware-related trapshardwareTrapInfo OBJECT IDENTIFIER::= {ContivitySnmpTraps 1}-- Trap #1001 hardDisk1Status

Appendix A MIB support 141Nortel VPN Router TroubleshootingACCESS read-onlySTATUS mandatoryDESCRIPTION "Status of the first CPU fan."::=

142 Appendix A MIB supportNN46110-602ACCESS read-onlySTATUS mandatoryDESCRIPTION "Status of 2.5VA power."::= {hardwareTrapInfo 12}-- Tra

Appendix A MIB support 143Nortel VPN Router TroubleshootingACCESS read-onlySTATUS mandatoryDESCRIPTION "The chassis intrusion sensor indicate

144 Appendix A MIB supportNN46110-602Server-related trapsserverTrapInfo OBJECT IDENTIFIER::= {ContivitySnmpTraps 2} -- Trap #3001radiusAcctServer OB

Appendix A MIB support 145Nortel VPN Router TroubleshootingACCESS read-onlySTATUS mandatoryDESCRIPTION "Status of DNS Server."::= {serve

146 Appendix A MIB supportNN46110-602Software-related trapssoftwareTrapInfo OBJECT IDENTIFIER::= {ContivitySnmpTraps 3}-- Trap #5001NetBuffers OBJEC

Appendix A MIB support 147Nortel VPN Router TroubleshootingIntrusion-related trapsintrusionTrapInfo OBJECT IDENTIFIER::= {ContivitySnmpTraps 5}-- Tr

148 Appendix A MIB supportNN46110-602Information passed with every trapSeverityLevel OBJECT-TYPESYNTAX INTEGER{fatal(1),major(2),minor(3),informatio

Appendix A MIB support 149Nortel VPN Router TroubleshootingTable 3 provides trap categories and explanations.Table 3 Trap categories Hardware1.3.

15Nortel VPN Router TroubleshootingTablesTable 1 Field IDs for data collection records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Ta

150 Appendix A MIB supportNN46110-602Table 4 provides descriptions for the VPN Router traps.Server1.3.6.1.4.1.2505.1.2.0.3007 snmpServerTrap1.3.6.1.

Appendix A MIB support 151Nortel VPN Router TroubleshootingProprietary 1.3.6.1.4.1.2505.1.1.0.1009 fiveVoltsPosStatusTrap Status of the +5 Volt powe

152 Appendix A MIB supportNN46110-602Proprietary 1.3.6.1.4.1.2505.1.1.0.10020 t1WANStatusTrap Status of T1 WAN card(s);Possible values for Wanic:Ale

Appendix A MIB support 153Nortel VPN Router TroubleshootingProprietary 1.3.6.1.4.1.2505.1.1.0.10022 hwAccelTrap Status of hardware accelerator card.

154 Appendix A MIB supportNN46110-602Proprietary 1.3.6.1.4.1.2505.1.1.0.10024 v90WANStatusTrap Status of V.90 Interface card.Possible Values:Please

Appendix A MIB support 155Nortel VPN Router TroubleshootingProprietary 1.3.6.1.4.1.2505.1.1.0.10026 serUartStatusTrap Status of Serial (COM) port/in

156 Appendix A MIB supportNN46110-602Proprietary 1.3.6.1.4.1.2505.1.2.0.3005 loadBalancingServerTrap Status of Load Balancing Server.Proprietary 1.3

Appendix A MIB support 157Nortel VPN Router TroubleshootingProprietary 1.3.6.1.4.1.2505.1.2.0.30014 dhcpServerTrap Status of DHCP Server.Possible Va

158 Appendix A MIB supportNN46110-602Proprietary 1.3.6.1.4.1.2505.1.3.0.5007 sslVpnStatusTrap Status of SSL-VPN Accelerator. Possible Values: Disa

Appendix A MIB support 159Nortel VPN Router TroubleshootingStandard 1.3.6.1.2.1.11.0.2 linkDown A linkDown trap signifies that the sending protocol

16 TablesNN46110-602

160 Appendix A MIB supportNN46110-602Standard 1.3.6.1.2.1.11.0.3 linkUp A linkUp trap signifies that the sending protocol entity recognizes that one

Appendix A MIB support 161Nortel VPN Router TroubleshootingStandard 1.3.6.1.2.1.11.0.5 authenticationFailure n authenticationFailure trap signifies

162 Appendix A MIB supportNN46110-602Standard 1.3.6.1.2.1.11.0.2 linkDown A linkDown trap signifies that the sending protocol entity recognizes a fa

Appendix A MIB support 163Nortel VPN Router TroubleshootingStandard 1.3.6.1.2.1.11.0.3 linkUp A linkUp trap signifies that the sending protocol enti

164 Appendix A MIB supportNN46110-602Standard 1.3.6.1.2.1.11.0.5 authenticationFailure An authenticationFailure trap signifies that the SNMPv2 enti

165Nortel VPN Router TroubleshootingAppendix BUsing serial PPPYou use Serial Point-to-Point Protocol (PPP) to manage the VPN Router from a remote loca

166 Appendix B Using serial PPPNN46110-602Setting up a Dial-Up Networking connectionTo establish a Serial PPP connection using a Microsoft Dial-Up N

Appendix B Using serial PPP 167Nortel VPN Router TroubleshootingSetting up the modemThe following procedure assumes that you are using a 3Com/US Rob

168 Appendix B Using serial PPPNN46110-602to access all management services (HTTP, Telnet, FTP, SNMP) through the Web interface. Once you establish

Appendix B Using serial PPP 169Nortel VPN Router TroubleshootingDialing in to the VPN RouterUse the standard dial-up networking procedure to connect

17Nortel VPN Router TroubleshootingPrefaceThis guide provides information about how to manage and troubleshoot the Nortel VPN Router. Before you begin

170 Appendix B Using serial PPPNN46110-602Cause:You were dialed in and managing the VPN Router remotely using PPP and you changed the baud rate and

Appendix B Using serial PPP 171Nortel VPN Router TroubleshootingAction:Make sure that the modem that is connected to the VPN Router has hardware flo

172 Appendix B Using serial PPPNN46110-602

173Nortel VPN Router TroubleshootingAppendix CSystem messagesSystem forwarding (syslog) uses the system logging daemon (syslogd) to forward informatio

174 Appendix C System messagesNN46110-602tCert: Shutdown completeDescription: This informational message indicates that the task responsible for cer

Appendix C System messages 175Nortel VPN Router Troubleshooting2 Manually verify the tunnel-related certificate fingerprints. Perform this procedure

176 Appendix C System messagesNN46110-602Action: Make sure the PFS settings on both sides match. Either enable PFS on the remote side, or disable PF

Appendix C System messages 177Nortel VPN Router TroubleshootingISAKMP [13] Error notification (Authentication failure) received from xxx (a.b.c.d)De

178 Appendix C System messagesNN46110-602ISAKMP [13] Invalid ID information in message from xxx (a.b.c.d)Description: One side of the connection is

Appendix C System messages 179Nortel VPN Router TroubleshootingAction: Remove the existing static route or change the route for the remote network t

18 PrefaceNN46110-602braces ({}) Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of

180 Appendix C System messagesNN46110-602No matching trusted CA certsDescription: None of the certificates in the chain are trusted CA certificates.

Appendix C System messages 181Nortel VPN Router TroubleshootingAction: Make sure the backup file has an 8.3 file name.LDIF file: could not restore x

182 Appendix C System messagesNN46110-602CaAuthServerCollection: authenticate xxx cert [xxx] invalid signature by [xxx] - xxxDescription: The certif

Appendix C System messages 183Nortel VPN Router TroubleshootingAction: Start the LDAP server, or change the external LDAP server configuration to ma

184 Appendix C System messagesNN46110-602Action: Start the LDAP server, or change the external LDAP server configuration to make it accessible.Error

Appendix C System messages 185Nortel VPN Router Troubleshootingxxx xxx being referenced by xxxDescription: The LDAP entry is referenced by another L

186 Appendix C System messagesNN46110-602Session: xxx[xxx]:xxx xxx auth method not allowedDescription: The authentication method of the incoming req

Appendix C System messages 187Nortel VPN Router TroubleshootingSession: xxx[xxx]:xxx IP address assignment failedDescription: An address cannot be a

188 Appendix C System messagesNN46110-602Session: xxx[xxx]:xxx account not allowed nowDescription: The session request is outside the permitted hour

Appendix C System messages 189Nortel VPN Router TroubleshootingSession: xxx[xxx]:xxx invalid password—master admin authentication failedDescription:

Preface 19Nortel VPN Router TroubleshootingAcronymsThis guide uses the following acronyms: vertical line ( | ) Separates choices for command keywor

190 Appendix C System messagesNN46110-602Session: xxx[xxx]:xxx pool address [xxx] already in useDescription: The returned static pool address is cur

Appendix C System messages 191Nortel VPN Router TroubleshootingRADIUS accounting messagesRADIUS: Cannot send accounting request to <server-name&g

192 Appendix C System messagesNN46110-602RADIUS: network socket failure with <server-name>, recvfrom error: <error>Description: This mes

Appendix C System messages 193Nortel VPN Router TroubleshootingAction: Retry authentication attempt and verify that RADIUS server packets are proper

194 Appendix C System messagesNN46110-602RADIUS authentication messagesRADIUS: Cannot send request to <server-name>, possibly due to DNS trans

Appendix C System messages 195Nortel VPN Router TroubleshootingRADIUS: <server-name> server timed out authenticating <user-name>Descript

196 Appendix C System messagesNN46110-602RADIUS: <server-name> sent invalid response packet for <user-name>Description: This message ind

Appendix C System messages 197Nortel VPN Router TroubleshootingAction: Verify that the shared secrets match.RADIUS: <server-name> sent packet

198 Appendix C System messagesNN46110-602RADIUS: <user-name> access DENIED by server <server-name>Description: This message indicates th

Appendix C System messages 199Nortel VPN Router TroubleshootingAction: No action required.Closing OSPF-RTM connectionDescription: OSPF closed the RT

2 NN46110-602Copyright © 2007 Nortel Networks. All rights reserved.The information in this document is subject to change without notice. The statem

20 PrefaceNN46110-602L2TP Layer 2 Tunneling ProtocolLAN local area networkLDAP Lightweight Directory Access ProtocolNAT Network Address Translation

200 Appendix C System messagesNN46110-602Can not accept x.x.x.x as router idDescription: OSPF can not accept the given router ID in the Routing >

Appendix C System messages 201Nortel VPN Router TroubleshootingVR xxx: Starting xxx as Backup for xxxDescription: Logged when starting as a backup f

202 Appendix C System messagesNN46110-602Unable to get configuration for VR xxxDescription: This is an error event that is logged when VRRP is enabl

Appendix C System messages 203Nortel VPN Router TroubleshootingRIP xxx: Circuit xxx deletedDescription: Logged when the RIP circuit is deleted. The

204 Appendix C System messagesNN46110-602RIP xxx: Unable to spawn timer task xxx for RIPDescription: Logged when RIP fails to spawn the timer task.

Appendix C System messages 205Nortel VPN Router TroubleshootingInterface [nnn] replaced, deleting from configDescription: This indicates the card ty

206 Appendix C System messagesNN46110-602

207Nortel VPN Router TroubleshootingAppendix DConfiguring for interoperabilityThis chapter explains the requirements and procedures for setting up dif

208 Appendix D Configuring for interoperabilityNN46110-602Figure 11 VPN Router and Cisco 2514 network topology

Appendix D Configuring for interoperability 209Nortel VPN Router TroubleshootingThe following is a show config command:Cisco2514# show configUsing 1

Preface 21Nortel VPN Router TroubleshootingRelated publicationsFor more information about the Nortel VPN Router, see the following publications:• R

210 Appendix D Configuring for interoperabilityNN46110-602dialer-list 1 protocol ipx permitsnmp-server community public ROline con 0line aux 0line v

Appendix D Configuring for interoperability 211Nortel VPN Router TroubleshootingConfiguring the SafeNet/Soft-PK Security Policy Database Editor, Ver

212 Appendix D Configuring for interoperabilityNN46110-602Connecting to IRE SafeNET/Soft-PK Security Policy ClientTo set up the VPN Router to establ

Appendix D Configuring for interoperability 213Nortel VPN Router Troubleshooting• 8.1.10.42The SafeNet/Soft PX Security Policy Editor dialog box app

214 Appendix D Configuring for interoperabilityNN46110-602The SafeNet/Soft-PK Security Policy Editor dialog box appears. 10 From Security Policy: Se

Appendix D Configuring for interoperability 215Nortel VPN Router Troubleshooting• Authentication Method: Pre-Shared key• Encrypt Alg: DES•Hash Alg:

216 Appendix D Configuring for interoperabilityNN46110-6029 For some vendors, if you want to turn off Vendor ID and/or Perfect Forward Secrecy (PFS)

Appendix D Configuring for interoperability 217Nortel VPN Router TroubleshootingConsiderations for using third-party clientsThere are several consid

218 Appendix D Configuring for interoperabilityNN46110-602• Load Balancing—Traditional load balancers often do not work with the IPsec protocol beca

Appendix D Configuring for interoperability 219Nortel VPN Router Troubleshooting(are correctly decrypted, and authenticated) are accepted; other pac

22 PrefaceNN46110-602Hard-copy technical manualsYou can print selected technical manuals and release notes free, directly from the Internet. Go to

220 Appendix D Configuring for interoperabilityNN46110-602then select a default server certificate from the list. You configure servers from the Sys

Appendix D Configuring for interoperability 221Nortel VPN Router TroubleshootingFigure 13 Split tunneling exampleTo configure the VPN Router as a

222 Appendix D Configuring for interoperabilityNN46110-6026 Selections in the Encryption fields are dependent on the type of encryption that your th

Appendix D Configuring for interoperability 223Nortel VPN Router TroubleshootingNetwork addresses form the basis of the IPX internetwork addressing

224 Appendix D Configuring for interoperabilityNN46110-602Windows 95 and Windows 98 When running Windows 95 or Windows 98, load the intraNetWare* cl

Appendix D Configuring for interoperability 225Nortel VPN Router TroubleshootingFigure 14 IPX topologyNote: The private LAN can also carry IP and

226 Appendix D Configuring for interoperabilityNN46110-602

Nortel VPN Router Troubleshooting227IndexAaccountingdata 40records 38, 39accounting log 38active sessions 96ActiveX Scripts 93administrators

228 IndexNN46110-602SSL 179event log 35, 41ExternalDHCP server 97extinctioninterval 84timeout 84Extranet Accessclient monitor 70connectio

Index 229Nortel VPN Router Troubleshootingmodem hardware errors 82MS-DOS naming convention 97multiple Help windows 95NNetBEUI 77, 83NetBIOS

Preface 23Nortel VPN Router TroubleshootingGetting help from the Nortel Web siteThe best way to get technical support for Nortel products is from t

230 IndexNN46110-602RADIUS accounting 191RADIUS authentication 194routing 198security 181SSL 179TT1/V.35 interface 80technical publicatio

24 PrefaceNN46110-602Getting help through a Nortel distributor or reseller If you purchased a service contract for your Nortel product from a distr

25Nortel VPN Router TroubleshootingNew in this releaseThe following section details what is new in Nortel VPN Router Troubleshooting for Release 7.0.F

26 New in this releaseNN46110-602Automatic backupsYou can now back up a file or a directory, as well as trigger a backup, when a file changes. Prev

27Nortel VPN Router TroubleshootingChapter 1VPN Router administrationThis chapter introduces administrator settings, tools, system configuration, and

28 Chapter 1 VPN Router administrationNN46110-602You use the Administrator Settings window to do the following:• change the primary administrator us

Chapter 1 VPN Router administration 29Nortel VPN Router TroubleshootingDynamic passwordTwo types of administrative users exist on the VPN Router: •

3Nortel VPN Router TroubleshootingPortions of the code in this software product may be Copyright © 1988, Regents of the University of California.

30 Chapter 1 VPN Router administrationNN46110-602The Traceroute tool measures a network round-trip delay. Messages are sent per hop and the wait occ

Chapter 1 VPN Router administration 31Nortel VPN Router TroubleshootingSimple Network Management Protocol (SNMP)Use the Admin > SNMP window to do

32 Chapter 1 VPN Router administrationNN46110-602The traps displayed on the group windows—in particular the Hardware Trap Configuration and the Serv

Chapter 1 VPN Router administration 33Nortel VPN Router TroubleshootingFigure 1 Admin > SNMP Traps window2 Enter a host name or IP address in

34 Chapter 1 VPN Router administrationNN46110-602To configure the amount:CES(config)#ip local pool exhausted-amount <amount>

35Nortel VPN Router TroubleshootingChapter 2Status and loggingThe Status windows show which users are logged on, their traffic demands, and a summary

36 Chapter 2 Status and loggingNN46110-602Most events are sent to the event log first. Significant events from the event log are sent to the system

Chapter 2 Status and logging 37Nortel VPN Router TroubleshootingIf you have multiple VPN Routers throughout the world, use the Greenwich Mean Time (

38 Chapter 2 Status and loggingNN46110-602Accounting The accounting log provides information about user sessions. This log provides last and first n

Chapter 2 Status and logging 39Nortel VPN Router TroubleshootingThe data collection system stores records in text-based files stored in the system/d

4 NN46110-6023. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES

40 Chapter 2 Status and loggingNN46110-602• Summary file that always has exactly five records containing summary data in a file called summary.dc. T

Chapter 2 Status and logging 41Nortel VPN Router TroubleshootingLogsThe VPN Router has several logs that provide different levels of information. Th

42 Chapter 2 Status and loggingNN46110-602As the event log adds information, the oldest entries are overwritten. The event log retains the latest 20

Chapter 2 Status and logging 43Nortel VPN Router TroubleshootingFigure 3 Capture and display filters5 You configure the capture filter and display

44 Chapter 2 Status and loggingNN46110-602Figure 4 Configure Display Entity b Select an Entity from the list.c Select a Subentity from the list.d

Chapter 2 Status and logging 45Nortel VPN Router TroubleshootingSystem logThe system log contains all system events that are considered significant

46 Chapter 2 Status and loggingNN46110-602• communications with servers •LDAP• Remote Authentication Dial-In User Service (RADIUS)Configuration logT

47Nortel VPN Router TroubleshootingChapter 3Administrative tasksThis chapter describes administrative tasks that help you operate the VPN Router. Thes

48 Chapter 3 Administrative tasksNN46110-602RecoveryIn the unlikely event that there is a hard disk crash, use the Recovery window to configure a re

Chapter 3 Administrative tasks 49Nortel VPN Router TroubleshootingThis supplies a minimal configuration utility so that you can view the VPN Router

5Nortel VPN Router TroubleshootingContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50 Chapter 3 Administrative tasksNN46110-602• Select Restore Factory Configuration, then click Restore to return the VPN Router to its original fact

Chapter 3 Administrative tasks 51Nortel VPN Router TroubleshootingYou can use a new factory default software image and file system to restore the VP

52 Chapter 3 Administrative tasksNN46110-60212 Click Synchronize to immediately synchronize the primary and secondary disks. Thereafter, the disks a

Chapter 3 Administrative tasks 53Nortel VPN Router TroubleshootingYou must create a directory on the File Transfer Protocol (FTP) or Secure File Tra

54 Chapter 3 Administrative tasksNN46110-602To enable automatic backup when a file or a directory changes:1 Select Admin > Auto Backup. The Autom

Chapter 3 Administrative tasks 55Nortel VPN Router Troubleshooting7 To back up at certain intervals of time, click Interval and in the Interval text

56 Chapter 3 Administrative tasksNN46110-602Figure 7 Specific Automatic Backup window 14 To see the list of files for a directory, highlight the n

Chapter 3 Administrative tasks 57Nortel VPN Router Troubleshooting22 Click Backup to run the backup to each enabled server now. This action also syn

58 Chapter 3 Administrative tasksNN46110-602Backing up specific files and directoriesTo back up specific files and directories, with the option to d

Chapter 3 Administrative tasks 59Nortel VPN Router TroubleshootingStopping the backup of changes to specific files or directoriesTo stop backing up

6 ContentsNN46110-602Configuring SNMP traps to send notification when an IP address pool reaches the configured threshold . . . . . . . . . . . . . .

60 Chapter 3 Administrative tasksNN46110-602Disabling new loginsYou can prevent clients from connecting to the VPN Router without affecting the user

Chapter 3 Administrative tasks 61Nortel VPN Router Troubleshooting• Nortel Web site• your own FTP site if you previously downloaded the software fro

62 Chapter 3 Administrative tasksNN46110-602Before you upgrade your software, use one of the following methods to make sure there is enough availabl

Chapter 3 Administrative tasks 63Nortel VPN Router Troubleshooting5 Type 5 (Create A User Control Tunnel (IPsec) Profile).6 Enter the user ID that y

64 Chapter 3 Administrative tasksNN46110-602b Click Backup to start the backup immediately. This saves your entire hard drive, including the LDAP an

Chapter 3 Administrative tasks 65Nortel VPN Router TroubleshootingFigure 9 shows an example upgrade to V04_80.114 from server 192.32.250.64. The fil

66 Chapter 3 Administrative tasksNN46110-602• User ID: type the login ID required to gain access to the FTP server where the new VPN Router software

Chapter 3 Administrative tasks 67Nortel VPN Router Troubleshooting— Response Timeout for RADIUS Accounting Server— External RADIUS Accounting Server

68 Chapter 3 Administrative tasksNN46110-6026 Select a system shutdown type of None and click OK.You have successfully upgraded your switch.

69Nortel VPN Router TroubleshootingChapter 4TroubleshootingThis chapter introduces the concepts and practices of advanced network configuration and tr

Contents 7Nortel VPN Router TroubleshootingUsing SFTP to transfer backup files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Sto

70 Chapter 4 TroubleshootingNN46110-602Troubleshooting remote access problems typically starts at the client end when the remote user cannot establi

Chapter 4 Troubleshooting 71Nortel VPN Router TroubleshootingMicrosoft Point-to-Point Tunneling Protocol (PPTP) Dial-Up Networking Monitor provides

72 Chapter 4 TroubleshootingNN46110-602Solving connectivity problemsThis section lists many of the common connectivity problems that occur and their

Chapter 4 Troubleshooting 73Nortel VPN Router Troubleshooting1 Confirm that the modem is attached and working properly by running a terminal emulati

74 Chapter 4 TroubleshootingNN46110-602Remote host not respondingCause: This indicates that the VPN Router never responded to the IPsec connection a

Chapter 4 Troubleshooting 75Nortel VPN Router TroubleshootingAction: Verify that the user name you entered is correct and retype the password before

76 Chapter 4 TroubleshootingNN46110-602Action: Click Connect to re-establish the extranet connection. If this works, the connection was probably los

Chapter 4 Troubleshooting 77Nortel VPN Router TroubleshootingAction: Validate that the VPN Client is configured with a DNS entry. For Windows NT 4.0

78 Chapter 4 TroubleshootingNN46110-602Cannot access Web servers on the Internet after establishing a VPN Client connectionCause: For both PPTP and

Chapter 4 Troubleshooting 79Nortel VPN Router TroubleshootingAlternatively, on NT 4.0, Windows 98, and Windows 95, complete the following steps to c

8 ContentsNN46110-602System problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Solving r

80 Chapter 4 TroubleshootingNN46110-602• Start from the top down to go in the opposite direction, looking at PPP first and working down to the physi

Chapter 4 Troubleshooting 81Nortel VPN Router TroubleshootingCheck the HDLC framingAssuming that the T1/V.35 interface is operating correctly, use t

82 Chapter 4 TroubleshootingNN46110-6024 If the PPP layer still does not come up, enable the interface debugger to generate large amounts of packet

Chapter 4 Troubleshooting 83Nortel VPN Router Troubleshooting• DHCP Server assigns IP addresses to clients• WINS Server provides a translation of th

84 Chapter 4 TroubleshootingNN46110-602The client system’s NetBIOS name must be unique in the private network to which the client is connecting. Do

Chapter 4 Troubleshooting 85Nortel VPN Router TroubleshootingThe renewal interval governs how often a client must reregister its name with the WINS

86 Chapter 4 TroubleshootingNN46110-602In the WINS mappings entry, enter a show database command. Note the entry for -__MSBROWSE__. This is the mach

Chapter 4 Troubleshooting 87Nortel VPN Router TroubleshootingTo specify a computer as the preferred master browser, set the parameter for IsDomainMa

88 Chapter 4 TroubleshootingNN46110-602When 10.1.2.3 broadcasts to find a network neighbor, it (incorrectly) sends to 10.255.255.255. Normal routing

Chapter 4 Troubleshooting 89Nortel VPN Router TroubleshootingAfter about 10 to 15 seconds, NetBIOS gives up on the primary interface, moves to the c

Contents 9Nortel VPN Router TroubleshootingViewing a packet capture output file on a PC . . . . . . . . . . . . . . . . . . . . . . . . . . . 125In

90 Chapter 4 TroubleshootingNN46110-602You must create a connection definition for your initial Internet link through your service provider. A separ

Chapter 4 Troubleshooting 91Nortel VPN Router TroubleshootingMy downloaded DNS servers for my tunnel connection do not workCause: The Microsoft Wind

92 Chapter 4 TroubleshootingNN46110-602• How to Troubleshoot TCP/IP Connectivity with Windows NT• Remote Access Service (RAS) Error Code List for Wi

Chapter 4 Troubleshooting 93Nortel VPN Router Troubleshooting• For ActiveX Scripts, Java, and JavaScript*, you must enable both ActiveX and Java pro

94 Chapter 4 TroubleshootingNN46110-602Clearing your Web browser cache when upgradingTo avoid problems when upgrading software revision levels, Nort

Chapter 4 Troubleshooting 95Nortel VPN Router TroubleshootingDocument not found messageCause: This message is returned when the HTTP server cannot f

96 Chapter 4 TroubleshootingNN46110-602Action: Close help windows after viewing them.Distorted background images Cause: In Netscape versions prior t

Chapter 4 Troubleshooting 97Nortel VPN Router TroubleshootingAction: If necessary, remove the front bezel as described in the installation guide, th

98 Chapter 4 TroubleshootingNN46110-602Action: Power-cycle the system using the green power button on the back of the VPN Router.Solving routing pro

Chapter 4 Troubleshooting 99Nortel VPN Router TroubleshootingSolving firewall problemsAn error occurred while parsing the policyDescription: The pol