Cisco 2811 & Pix501 Logging Blues...

Hello,

I am trying to pass syslog from outside interface to server that sits behind pix firewall. Details as follows.

Cisco2811
192.168.1.1 (LAN)
255.255.255.0

Cisco Pix
192.168.1.2 (Outside Interface)
192.168.150.1 (Inside Interface)
255.255.255.0

Syslog sitting on:
192.168.150.27
255.255.225.0

I set up the 2811 to pass the syslog to 192.168.1.2

Trying to get the Pix to route all inbound UDP 514 traffic from the Cisco 2811 (Inside interface) to 192.168.150.27. I would like to keep the outside Cisco 2811 traffic visible in the syslog so I can tell between Pix, 2811, and VPN 2005 that is logging to..

Here is the deal. The syslog is listening on UDP 514. All other network devices are logging to this port. (VPN, PIX, 2950's, Aironet) The Cisco 2811 is set up for logging but nothing comes through on UDP 514. When I allow all UDP traffic from Cisco 2811 through Pix firewall to syslog it works. It would not be good to allow all UDP traffic. What gives here? Anyone with suggestions or feedback on this? I researched and could not find anything helpful.

Thanks!

vijayasankar Thu, 02/01/2007 - 22:26

Hi,

Can you provide the ACL that you have configured in the PIX to allow the syslog traffic from 2811?

Also provide the logging configuration commands that you have in your 2811.

-VJ

logging source-interface

Cisco 2811

premise#show logging
Syslog logging: enabled (0 messages dropped, 527 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level critical, 0 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 2542 messages logged, xml disabled, filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level debugging, 2542 message lines logged
Logging to 192.168.150.27, 2542 message lines logged, xml disabled, filtering disabled

PIX:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password L encrypted
passwd encrypted
hostname
domain-name
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.1 Cisco2811
name 192.168.150.27 syslog
access-list deny-flow-max 200
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit udp host Cisco2811 host syslog eq syslog
access-list inside_access_in permit ip any any
pager lines 24
logging on
logging timestamp
logging monitor critical
logging trap debugging
logging facility 23
logging device-id hostname
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute retry 4
ip address inside 192.168.150.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action
ip audit attack action
pdm location syslog 255.255.255.255 inside
pdm location Cisco2811 255.255.255.255 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) syslog syslog netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside Cisco2811 255.255.255.255 192.168.1.2 1
http 192.168.150.0 255.255.255.0 inside
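
An added example, not part of the thread and not Cisco code: a small Python check of which UDP flows from the 2811 the posted outside_access_in list matches, using first-match evaluation with the implicit deny at the end. The function names (take_addr, parse, check) are hypothetical, and the sketch assumes only the ACL decision matters; the static translation, routing and ip verify reverse-path are not modelled.

```python
import ipaddress

# Constructed input: `name` and outside_access_in lines copied from the posted config.
CONFIG = """\
name 192.168.1.1 Cisco2811
name 192.168.150.27 syslog
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit udp host Cisco2811 host syslog eq syslog
"""
PORTS = {"syslog": 514}  # the only port keyword this ACL uses

def take_addr(tok, names):
    """Consume 'any', 'host X' or 'X mask'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(names.get(tok[1], tok[1]) + "/32"), tok[2:]
    return ipaddress.ip_network(f"{names.get(tok[0], tok[0])}/{tok[1]}"), tok[2:]

def parse(config, acl_name):
    """Return the ACL's rules in order, with `name` aliases resolved."""
    names, rules = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["name"]:
            names[tok[2]] = tok[1]
        elif tok[:2] == ["access-list", acl_name]:
            action, proto, rest = tok[2], tok[3], tok[4:]
            src, rest = take_addr(rest, names)
            dst, rest = take_addr(rest, names)
            # 'eq <port>' is modelled; trailing ICMP type keywords are ignored.
            port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
            rules.append((action, proto, src, dst, port, line))
    return rules

def check(rules, proto, src, dst, dport):
    """First matching line wins; the ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto in (proto, "ip") and s in r_src and d in r_dst and r_port in (None, dport):
            return action, line
    return "deny", "implicit deny"

RULES = parse(CONFIG, "outside_access_in")
for dst, port in [("192.168.150.27", 514), ("192.168.1.2", 514), ("192.168.150.27", 69)]:
    print(dst, port, check(RULES, "udp", "192.168.1.1", dst, port))
```

The first flow uses the destination shown in the `show logging` output (192.168.150.27); the second uses the destination the original post says the 2811 was pointed at (192.168.1.2).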
