05-29-2009 02:06 AM - edited 03-11-2019 08:37 AM
syslog configuration.
Unable to get logs from the server.
I am getting an error in ASA5505-FW#sh logging, as mentioned below.
May 29 2009 02:08:19 172.26.8.254 : %ASA-3-710003: TCP access denied by ACL from 172.26.8.3/1594 to inside:172.26.8.254/23
05-29-2009 05:33 AM
Where are your ACLs at on the firewall? Do you have your firewall configured in transparent mode?
HTH,
John
05-29-2009 05:01 PM
May 29 2009 02:08:19 172.26.8.254 : %ASA-3-710003: TCP access denied by ACL from 172.26.8.3/1594 to inside:172.26.8.254/23
So you are unable to telnet from the 172.26.8.3 PC to the ASA's inside interface 172.26.8.254? You do not have the line "telnet 0 0 inside".
Do you need help with that, or do you need help with configuring a syslog server?
Follow this link for configuring a syslog server.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html#wp1064726
If you need assistance configuring the ASA for telnet access, please read here.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1054101
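An added example, not part of the original posts: a small Python parser for the `%ASA-3-710003` message quoted above. It extracts the source, interface and destination port and labels the to-the-box service, so port 23 reads as telnet. Only the first sample entry comes from the thread; the other sample lines, the function names and the port-to-service table are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout of the 710003 message as it appears in the thread. \s+ between tokens
# lets the pattern match a copy that a terminal wrapped across two lines.
PATTERN = re.compile(
    r"%ASA-(?P<sev>\d)-710003:\s+(?P<proto>TCP|UDP)\s+access\s+denied\s+by\s+ACL"
    r"\s+from\s+(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
    r"\s+to\s+(?P<ifname>[^\s:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# Assumed lookup table: management services an ASA terminates on its own interfaces.
MGMT_SERVICES = {22: "ssh", 23: "telnet", 443: "https/asdm"}

def parse_710003(text):
    """Return one dict per 710003 entry found in text; other messages are ignored."""
    records = []
    for m in PATTERN.finditer(text):
        rec = m.groupdict()
        for key in ("sev", "src_port", "dst_port"):
            rec[key] = int(rec[key])
        rec["service"] = MGMT_SERVICES.get(rec["dst_port"], "other")
        records.append(rec)
    return records

def summarize(text):
    """Count denied to-the-box attempts per (source IP, interface, service)."""
    return Counter((r["src_ip"], r["ifname"], r["service"]) for r in parse_710003(text))

# First entry is the wrapped line from the thread; the rest are constructed samples.
SAMPLE = """\
May 29 2009 02:08:19 172.26.8.254 : %ASA-3-710003: TCP access denied by ACL from
172.26.8.3/1594 to inside:172.26.8.254/23
May 29 2009 02:08:25 172.26.8.254 : %ASA-3-710003: TCP access denied by ACL from 172.26.8.3/1595 to inside:172.26.8.254/23
May 29 2009 02:09:02 172.26.8.254 : %ASA-3-710003: TCP access denied by ACL from 172.26.8.3/1601 to inside:172.26.8.254/443
May 29 2009 02:09:10 172.26.8.254 : %ASA-5-111008: User 'enable_15' executed the 'show logging' command.
"""

if __name__ == "__main__":
    for (src, ifname, service), n in summarize(SAMPLE).items():
        print(f"{src} -> {ifname} ({service}): {n} denied")
```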
06-01-2009 10:18 PM
I have done the configuration as per the URL. I am still getting the same error. Please check the configuration and confirm whether anything needs to be updated.
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.26.8.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.97.37.221 255.255.255.0
!
interface Vlan3
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
ftp mode passive
clock timezone IST 5 30
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list 100 extended permit tcp any host 10.97.37.229 eq 3389
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit tcp any host 10.97.37.229 eq 445
access-list 100 extended permit tcp any host 10.97.37.221 eq telnet
access-list 100 extended permit tcp any host 10.97.37.229 eq ftp
access-list nonat extended permit ip any 192.168.200.0 255.255.255.192
access-list split_tunnel standard permit 172.26.8.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging standby
logging console alerts
logging monitor informational
logging buffered errors
logging trap errors
logging history emergencies
logging asdm informational
logging mail alerts
logging device-id ipaddress inside
logging host inside 172.26.8.3
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.200.1-192.168.200.62 mask 255.255.255.192
ip audit attack action
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 10.97.37.229 172.26.8.3 netmask 255.255.255.255
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 10.97.37.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
snmp-server host inside 172.26.8.3 community Airtel
no snmp-server location
no snmp-server contact
snmp-server community Airtel
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set airtel esp-3des esp-sha-hmac
crypto dynamic-map bharti 10 set transform-set airtel
crypto dynamic-map bharti 10 set security-association lifetime seconds 288000
crypto dynamic-map bharti 10 set reverse-route
crypto map bharti 10 ipsec-isakmp dynamic bharti
crypto map bharti interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
crypto isakmp nat-traversal 20
telnet 172.26.8.0 255.255.255.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config inside
!
ntp server 172.26.8.3
group-policy VPNclient internal
group-policy VPNclient attributes
 dns-server value 10.40.10.1
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
 default-domain value netsol.com
username manju password sa8Cy29xTh/4YFVH encrypted
tunnel-group IPsecVPN type ipsec-ra
tunnel-group IPSecVPN type ipsec-ra
tunnel-group VPNclient type ipsec-ra
tunnel-group VPNclient general-attributes
 address-pool vpnpool
 default-group-policy VPNclient
tunnel-group VPNclient ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512