ASA generated syslog sent over site-to-site tunnel

Unanswered Question
Jul 11th, 2007

I have a site-to-site tunnel terminated on an ASA 5520. I have syslog logging to an internal server, and I have set up a syslog server on the other side of the tunnel. I have created my ACLs for interesting traffic and I cannot get the ASA to send the self-generated syslog messages across the tunnel. Any ideas?

sean@managednet... Wed, 07/11/2007 - 06:50

The problem I am having is not from passthru, it is from device origin going across the tunnel. I have provided a quick Visio to help explain this request.

ggilbert Wed, 07/11/2007 - 07:37

JPEG would be helpful, I do not have Visio.

Also, can you please send me the output of sh logging from the ASA which needs to send the syslog to the remote side.

What is the IP address of the remote syslog server?

What does the encryption access-list look like?

Thanks

Gilbert

acomiskey Wed, 07/11/2007 - 07:39

Sean, yes this is exactly as I understood from your first post.

In the .doc I referenced, the remote PIX is syslogging to a server across the VPN tunnel. As long as the traffic from the outside interface of the remote ASA and the local syslog server are defined as interesting traffic in the VPN and the logging is properly configured at the remote ASA, there should be no problem. I do this today from several remote PIXes. The source address of the interesting traffic from the remote ASA would be the outside interface address.
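
The arrangement described in the reply above, as an added configuration sketch that is not part of the original thread. All addresses, the ACL name `VPN-CRYPTO`, the crypto map name `OUTSIDE_MAP` and the sequence number are constructed placeholders; the crypto map is assumed to already exist with its peer and transform set.

```cisco
! ---- ASA that generates the syslog messages (sending side) ----
! Placeholder addressing (constructed for this example):
!   198.51.100.2  = this ASA's outside interface address
!   10.1.1.50     = syslog server behind the peer on the far side of the tunnel
logging enable
logging trap informational
! The server is reached through the outside interface, so self-generated
! syslog packets are sourced from the outside interface address.
logging host outside 10.1.1.50

! Interesting traffic must include the ASA's own outside address as source,
! not only the inside subnets, or the syslog packets never match the tunnel.
access-list VPN-CRYPTO extended permit ip host 198.51.100.2 host 10.1.1.50
crypto map OUTSIDE_MAP 10 match address VPN-CRYPTO

! ---- Peer ASA (in front of the syslog server) ----
! Mirror-image entry so both ends agree on the proxy identities.
access-list VPN-CRYPTO extended permit ip host 10.1.1.50 host 198.51.100.2
crypto map OUTSIDE_MAP 10 match address VPN-CRYPTO
```

If the entry is missing or not mirrored on either peer, the messages do not match the tunnel's interesting traffic and are not sent across it. `show logging` on the sending ASA shows the configured host and interface.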
