Cisco ASA can send logs for a syslog server within VPN?

Unanswered Question
Jan 29th, 2010

Hi experts,

Today a customer ask for configure Cisco ASA to send logs for a syslog server in the other site through VPN. I set up the equipament with command "logging host outside" but do not work.

Is it possible to do this config? Could someone help me?


Rodrigo Alves

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
pudawat Fri, 01/29/2010 - 16:23

HI Rodrigo,

Assuming that the VPN is setup and working between the two sites.

Add these commands in to the configuration to run syslog server over VPN.

Device with Syslog server on inside

logging facility 16
logging host inside 10.0.79..x(SYSLOG SERVER IP)

Device with network 192.168.x.x on intside

logging facility 23
logging host outside 10.0.79.x

If you want ot make access list port specific just add eq 514(SYSLOG MESSAGES)


Pradhuman Sat, 01/30/2010 - 14:44

Pradhuman, thank you for your answer. See below e route table of ASA, for it the Syslog IP address is on outside interface, but I do not can ping de Syslog server, but someone PC in inside interface with IP can ping it.

C    201.55.XXX.XXX is directly connected, outside
C is directly connected, inside
S [1/0] via, outside
S [1/0] via, outside
S* [1/0] via, outside

Have some thing to do for the Cisco ASA understand that need send yours packets within VPN? I tryed to put de IP address of ASA in ACL of VPN end set up logging host outside 10.0.79.x, but do not work and the CPU use of ASA stay in 100%.

I dont know what to do...

Rodrigo Alves


This Discussion