02-01-2007 10:20 PM - edited 03-11-2019 02:28 AM
Hello,
I am trying to pass syslog from the outside interface to a server that sits behind a PIX firewall. Details as follows.
Cisco2811
192.168.1.1 (LAN)
255.255.255.0
Cisco Pix
192.168.1.2 (Outside Interface)
192.168.150.1 (Inside Interface)
255.255.255.0
Syslog sitting on:
192.168.150.27
255.255.225.0
I set up the 2811 to pass the syslog to 192.168.1.2.
Trying to get the PIX to route all inbound UDP 514 traffic from the Cisco 2811 (Inside interface) to 192.168.150.27. I would like to keep the outside Cisco 2811 traffic visible in the syslog so I can tell between the PIX, 2811, and VPN 2005 that are logging to it.
Here is the deal. The syslog is listening on UDP 514. All other network devices are logging to this port (VPN, PIX, 2950's, Aironet). The Cisco 2811 is set up for logging but nothing comes through on UDP 514. When I allow all UDP traffic from the Cisco 2811 through the PIX firewall to the syslog, it works. It would not be good to allow all UDP traffic. What gives here? Anyone with a suggestion or feedback on this? I researched and could not find anything helpful.
Thanks!
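A collector-side check, added here and not part of the thread: parse UDP 514 datagrams in the shapes a PIX 6.3 with "logging device-id hostname" and "logging facility 23" and an IOS router such as the 2811 emit, then tally them by source address and device-id so the 2811's messages stay distinguishable from the PIX's. The sample datagrams, the hostname pixfw and the listen() helper are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample datagrams (not captured from the thread) in the shapes the devices on
# this page emit: PIX 6.3 with "logging device-id hostname" and "logging facility 23"
# (local7), and an IOS router such as the 2811. Each tuple mirrors socket.recvfrom().
SAMPLES = [
    (b"<190>Feb 01 2007 22:20:00 pixfw : %PIX-6-302015: Built outbound UDP connection "
     b"12 for outside:192.168.1.1/514 to inside:192.168.150.27/514", ("192.168.150.1", 514)),
    (b"<189>527: *Feb  1 22:20:05.123 EST: %SYS-5-CONFIG_I: Configured from console by vty0",
     ("192.168.1.1", 514)),
    (b"<190>Feb 01 2007 22:20:06 pixfw : %PIX-6-106100: access-list outside_access_in "
     b"permitted udp outside/192.168.1.1(514) -> inside/192.168.150.27(514)", ("192.168.150.1", 514)),
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)        # RFC 3164 <PRI> header
TAG_RE = re.compile(r"%([A-Z0-9_]+-\d-[A-Z0-9_]+):")   # Cisco %FACILITY-SEVERITY-MNEMONIC:
DEVICE_ID_RE = re.compile(r"\s(\S+) : %")               # PIX "logging device-id" prefix

def parse_datagram(data, addr):
    """Decode one UDP syslog datagram into a dict; None if it carries no <PRI> header."""
    m = PRI_RE.match(data.decode("ascii", errors="replace"))
    if not m:
        return None
    pri, body = int(m.group(1)), m.group(2)
    tag, dev = TAG_RE.search(body), DEVICE_ID_RE.search(body)
    return {
        "src": addr[0],                               # address the PIX delivered it from
        "facility": pri >> 3,                         # 23 == local7 ("logging facility 23")
        "severity": pri & 7,
        "device_id": dev.group(1) if dev else None,   # None for IOS: no device-id prefix
        "mnemonic": tag.group(1) if tag else None,
        "text": body,
    }

def tally(records):
    """Count messages per (source IP, device-id) so each logging device stays distinguishable."""
    return Counter((r["src"], r["device_id"]) for r in records if r)

def listen(host="0.0.0.0", port=514):
    """Print who is actually reaching the collector over UDP (binding 514 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            rec = parse_datagram(*sock.recvfrom(8192))
            if rec:
                print(rec["src"], rec["device_id"], rec["mnemonic"], rec["severity"], rec["text"])
```

Running listen() on the syslog host while the 2811 logs shows directly whether any UDP 514 datagram from 192.168.1.1 reaches the inside interface, which separates a PIX ACL or static problem from a routing or logging source problem on the 2811.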
02-01-2007 10:26 PM
Hi,
Can you provide the ACL that you have configured in the PIX to allow the syslog traffic from the 2811?
Also provide the logging configuration commands that you have in your 2811.
-VJ
logging source-interface
02-01-2007 10:59 PM
Cisco 2811
premise#show logging
Syslog logging: enabled (0 messages dropped, 527 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level critical, 0 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 2542 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level debugging, 2542 message lines logged
Logging to 192.168.150.27, 2542 message lines logged, xml disabled,
filtering disabled
PIX:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password L encrypted
passwd encrypted
hostname
domain-name
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.1 Cisco2811
name 192.168.150.27 syslog
access-list deny-flow-max 200
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit udp host Cisco2811 host syslog eq syslog
access-list inside_access_in permit ip any any
pager lines 24
logging on
logging timestamp
logging monitor critical
logging trap debugging
logging facility 23
logging device-id hostname
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute retry 4
ip address inside 192.168.150.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action
ip audit attack action
pdm location syslog 255.255.255.255 inside
pdm location Cisco2811 255.255.255.255 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) syslog syslog netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside Cisco2811 255.255.255.255 192.168.1.2 1
http 192.168.150.0 255.255.255.0 inside