69-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Analyzing Connectivity Issues Using the Ping, Trace Route, or NS Lookup Tools
The detailed information organizes the results in folders that correspond to the phases, with an Action
column that indicates the results of the phase (checkmark for passed, red X for dropped). To open a
folder, click its heading. Detailed information can include the specific configuration commands
evaluated and the data derived from show commands. The final folder, named Result, summaries the
results of the trace.
Tips:
If the packet is allowed or denied by an explicit access rule, then you can jump to that rule. Select
the Access-List folder to open it, then click the Show access rule link at the top of the section. You
are taken to the Access Rule policy with the rule highlighted; you can edit the rule as desired. If a
packet is dropped due to an implicit drop rule, the Show access rule link is not available because the
rule does not exist in the policy table.
If the device is shut down or not reachable due to a network failure during the analysis, an error
message stating “Device Connectivity is Failed” appears.
If you start a new trace, the information shown is cleared automatically. However, you can clear it
yourself by clicking Clear.
Analyzing Connectivity Issues Using the Ping, Trace Route, or NS Lookup Tools
You can use the Ping or Trace Route tools to investigate and troubleshoot your network configuration
and connectivity. You typically run these commands in the device, from within Security Manager by
specifying specific launch points and parameters. This causes Security Manager to generate the
corresponding command. NS Lookup, on the other hand, is typically run from the Security Manager
client.