Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
4
Replies

ASA generated syslog sent over site-to-site tunnel

sean
Level 3
Level 3

‎07-11-2007 06:15 AM - edited ‎03-11-2019 03:43 AM

I have a site-to-site tunnel terminated on an ASA 5520. I have syslog logging to an internal server, and I have setup a syslog server on the other side of the tunnel. I have created my acls for interesting traffic and I cannot get the ASA to send the self-generated syslog messages across the tunnel. Any ideas?

Labels:
0 Helpful
4 Replies 4

acomiskey
Level 10
Level 10

‎07-11-2007 06:19 AM

Here is the document to accomplish this with Pix 6 which should help with ASA 7.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094469.shtml

What device is the other end of the tunnel? Do you want to post the configs?

0 Helpful

sean
Level 3
Level 3
In response to acomiskey

‎07-11-2007 06:50 AM

The problem I am having is not from passthru, it is from device origin going across the tunnel. I have provided a quick visio to help explain this request.

21892-example.vsd
0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to sean

‎07-11-2007 07:37 AM

JPEG would be helpful, I do not have visio.

Also, can you please send me the output of sh logging from the ASA which needs to send the syslog to the remote side.

What is the IP address of the remote syslog server?

What does the encryption access-list look like.

Thanks

Gilbert

0 Helpful

acomiskey
Level 10
Level 10
In response to sean

‎07-11-2007 07:39 AM

sean, yes this is exactly as I understood from your first post.

In the .doc I referenced, the remote pix is syslogging to a server across the vpn tunnel. As long as the traffic from the outside interface of the remote ASA and the local syslog server are defined as interesting traffic in the vpn and the logging is properly configured at the remote ASA, there should be no problem. I do this today from serveral remote pixes. The source address of the interesting traffic from the remote ASA would be the outside interface address.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card