CHAPTER
43-1
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
43
Troubleshooting the Security Appliance
This chapter describes how to troubleshoot the security appliance, and includes the following sections:
• Testing Your Configuration, page 43-1
• Reloading the Security Appliance, page 43-6
• Performing Password Recovery, page 43-6
• Other Troubleshooting Tools, page 43-10
• Common Problems, page 43-10
Testing Your Configuration
This section describes how to test connectivity for the single mode security appliance or for each security
context. The following steps describe how to ping the security appliance interfaces, and how to allow
hosts on one interface to ping through to hosts on another interface.
We recommend that you only enable pinging and debug messages during troubleshooting. When you are
done testing the security appliance, follow the steps in the “Disabling the Test Configuration” section on
page 43-5.
This section includes:
• Enabling ICMP Debug Messages and System Messages, page 43-1
• Pinging Security Appliance Interfaces, page 43-2
• Pinging Through the Security Appliance, page 43-4
• Disabling the Test Configuration, page 43-5
Enabling ICMP Debug Messages and System Messages
Debug messages and system messages can help you troubleshoot why your pings are not successful. The
security appliance only shows ICMP debug messages for pings to the security appliance interfaces, and
not for pings through the security appliance to other hosts. To enable debugging and system messages,
perform the following steps:
Step 1 To show ICMP packet information for pings to the security appliance interfaces, enter the following
command:
hostname(config)# debug icmp trace
To Next Page
Loading...
Need help?
General