Troubleshooting guide

Chapter 5 Troubleshooting Open Security Extension Cisco Routers: Problem Resolution and Debugging
Advanced Technical Reference Guide 4.1 June 2000 44
Cisco Routers: Problem Resolution and Debugging
Differences between Cisco router version 9 and 11: Support for Anti-Spoofing
Version 9 routers do not support anti-spoofing. These routers do not distinguish between inbound and outbound
filter directions. All you can do is install a Security Policy on a router interface.
Versions 10 and 11 support anti-spoofing because it is possible to define inbound or outbound filter directions.
Common problems resolution for Cisco Routers
Multiple logs received from the Cisco router
See the SecureKnowledge Solution (ID: 10022.0.1673181.2471537) in the Check Point Technical Services site
Error message on the Import Access List window of the FireWall-1 GUI
The import access list operation fails when importing into the graphical rule base from a FastEthernet0/0 interface
See the SecureKnowledge Solution (ID: 10043.0.5516028.2585580) in the Check Point Technical Services site
Cannot get logs from the router
See the SecureKnowledge Solution (ID: 10022.0.527050.2411096) in the Check Point Technical Services site
Error message while trying to install new license (only for 4.1)
See the SecureKnowledge Solution (ID: 10043.0.4395816.2572453) in the Check Point Technical Services site
OSE does not work when Anti Spoofing is set to other+
See the SecureKnowledge Solution (ID: 10043.0.6958228.2640175) in the Check Point Technical Services site
Access List download fails the first time a username is defined in the router’s enable mode
When a username is defined in the router’s enable mode, downloading the Access List fails. Every time the
router asks for a username, a time-out message is displayed. Access List installation will succeed on the second
try. To avoid this problem, do not define an enable username for Cisco routers.
Debugging of Cisco Routers
To verify whether VPN-1/FireWall-1 installed the access list correctly on the router, use the following
router command to display the current configuration in detail, including the access lists.
show running-config
If you have trouble installing the access list from the VPN-1/FireWall-1 GUI, you can use the following
command from the command line (on the VPN/FireWall management module):
router_load -cisco
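One way to check saved `show running-config` output offline, as an added example that is not part of the original guide or of Check Point's tooling: it reports which numbered access list is bound to each interface and in which filter direction, and flags bindings that point at a list with no entries. The sample configuration is constructed, `audit_acl_bindings` is a hypothetical helper name, and only numbered `access-list` entries are handled.

```python
import re

# Constructed sample of `show running-config` output; not from a real router.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip access-group 101 in
!
interface Serial0
 ip access-group 102 in
 ip access-group 103 out
!
interface Ethernet1
!
access-list 101 deny ip 198.51.100.0 0.0.0.3 any
access-list 101 permit ip any any
access-list 103 permit ip any any
"""

def audit_acl_bindings(config):
    """Return (bindings, problems) for the text of a running-config."""
    bindings, defined, current = {}, set(), None
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line ends any interface block we were inside.
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            if current:
                bindings[current] = {}
            m = re.match(r"access-list (\d+) ", line)
            if m:
                defined.add(m.group(1))
            continue
        m = re.match(r"\s+ip access-group (\S+)(?: (in|out))?\s*$", line)
        if m and current:
            # No keyword means the binding carries no explicit filter direction.
            bindings[current][m.group(2) or "unspecified"] = m.group(1)
    problems = []
    for ifname, dirs in bindings.items():
        if not dirs:
            problems.append(f"{ifname}: no access list applied")
        for direction, acl in dirs.items():
            if acl not in defined:
                problems.append(f"{ifname}: list {acl} ({direction}) has no entries")
            if direction == "unspecified":
                problems.append(f"{ifname}: list {acl} bound without in/out")
    return bindings, problems

if __name__ == "__main__":
    for problem in audit_acl_bindings(SAMPLE_CONFIG)[1]:
        print(problem)
```
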