These troubleshooting tips for networking issues are grouped by type of solution. Before using the ping utility, make sure that Enable ICMP pings is enabled on the Configure Basic Network Settings page. Some tips are given in these tables:
the Troubleshooting tips for networking issues table
the Troubleshooting tips for networking issues: hardware table
the Troubleshooting tips for networking issues: third-party solutions table
Utility | Troubleshooting tip |
Ping the external interface | Ping the external interface to verify the network connection. If you can ping a host's IPv4 or IPv6 address, but not its fully qualified domain name, there is a problem with name resolution. You can issue the ping command from the command line or from within AMC (see Ping Command). |
Capture network traffic on the external interface | To verify that traffic is reaching the appliance and being returned, use the network traffic utility in AMC, which is based on tcpdump. You can send this network traffic data to Technical Support, or review it using a network protocol analyzer like Wireshark. See Capturing Network Traffic for more information. |
Ping the network gateway(s) | Ping the external gateway and/or internal gateway. You can issue the ping command from the command line or from within AMC. For more information, see Ping Command. |
Use ping to test DNS | If you experience DNS problems, first determine whether client DNS resolution is working:
If basic DNS functionality is available, the IP address in square brackets is resolved by DNS lookup, demonstrating that basic DNS is functioning at the client. If DNS is not available, the ping program will pause for a few seconds and then indicate that it could not find the host. |
Try to use DNS to resolve the appliance host name | If you continue to experience DNS problems, determine whether DNS can resolve the appliance host name. Repeat the ping procedure described above but replace If |
Clear the ARP | If you’ve recently assigned a new IP address to the appliance, be sure to clear the local Address Resolution Protocol (ARP) cache from network devices such as firewalls or routers. This ensures that these network devices are not using an old IP-to-MAC address mapping. |
Hardware | Troubleshooting tip |
Cables | Check all network cables to be sure you don't have a bad cable. |
Bypass the firewall | If you're using network address translation (NAT), you might be blocked by a firewall. Temporarily bypass the firewall by connecting a laptop to the appliance on the physical interface using a cable, and then verify network connectivity. If this type of connection is impractical, try placing your laptop on the same network segment as the external interface of the appliance (to get as close to the appliance as possible). |
Configure the switch port | If you experience network latency, such as slow SCP file copying or slow performance by the Web proxy or network tunnel service, the problem may be due to configuration differences between the appliance interface settings and the switch ports to which the appliance is connected. It’s possible for a switch to improperly detect duplex-mode settings (for example, the appliance is configured at full duplex but the switch detects half duplex). Cisco has documented such problems with its switches. To resolve this problem, disable auto negotiation. Instead, configure the switch port to statically assign settings that match the appliance. You must check both switch ports and both appliance interface settings (internal and external, if applicable). If even one interface/switch port is mismatched, performance suffers. If you are experiencing network latency but your appliance/switch ports are configured correctly, the problem lies somewhere else in the network. It could also be an application-level issue (such as slow name resolution on the DNS server being accessed by the Web proxy or network tunnel service). |
Third-party solution | Troubleshooting tip |
Verify that traffic is not being filtered out | Review the contents of the log file /var/log/kern.iptables while a connection attempt is failing. If packets are reaching the appliance but are being dropped or denied by iptables (a firewall running on the appliance), review the iptables ruleset by running the following command:
Traffic that is filtered by iptables is logged but not forwarded to an external syslog server. |
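
One way to do the /var/log/kern.iptables review described in the last row while a client's connection is failing; this is an added example, not part of the original documentation. It assumes the entries use the Linux kernel LOG target's key=value fields (SRC=, DST=, PROTO=, DPT=); the function names, the "DROP" prefix and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: count netfilter LOG entries for one client address.
# Assumption: lines use the kernel LOG target's key=value fields
# (SRC=, DST=, PROTO=, DPT=); the appliance's own prefix text may differ.

# summarize_drops CLIENT_IP   (log lines on stdin)
# Prints "count PROTO dst:dport", most frequent first.
summarize_drops() {
    awk -v client="$1" '
    {
        src = ""; dst = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            # ICMP error entries embed the offending packet as [SRC=... ];
            # stop there so its fields do not overwrite the outer ones.
            if ($i ~ /^\[SRC=/) break
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dpt == "") dpt = "-"          # ICMP and similar carry no port
        if (src == client && dst != "") seen[proto " " dst ":" dpt]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Constructed sample entries (documentation address ranges, made-up prefix).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 appliance kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=8443 SYN
Mar  3 10:15:02 appliance kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=8443 SYN
Mar  3 10:15:04 appliance kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=8443 SYN
Mar  3 10:15:09 appliance kernel: DROP IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:11 appliance kernel: DROP IN=eth1 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=71 TTL=50 PROTO=UDP SPT=40000 DPT=53
EOF
}

# Stand-alone run against the sample; on the appliance, feed the real file:
#   summarize_drops 203.0.113.7 < /var/log/kern.iptables
sample_log | summarize_drops 203.0.113.7
```

A repeated destination and port for the failing client points at the rule to look for in the ruleset; no output for that client means its packets are not being logged by iptables, so the cause is more likely upstream of the appliance.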