cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1691
Views
5
Helpful
2
Replies

Cisco ASA can send logs for a syslog server within VPN?

rodrigo.cisco
Level 4
Level 4

Hi experts,

Today a customer ask for configure Cisco ASA to send logs for a syslog server in the other site through VPN. I set up the equipament with command "logging host outside 10.0.79.15" but do not work.

Is it possible to do this config? Could someone help me?

Regards,

Rodrigo Alves

2 Replies 2

pudawat
Level 1
Level 1

HI Rodrigo,

Assuming that the VPN is setup and working between the two sites.

Add these commands in to the configuration to run syslog server over VPN.

Device with Syslog server on inside

logging facility 16
logging host inside 10.0.79..x(SYSLOG SERVER IP)

Device with network 192.168.x.x on intside

logging facility 23
logging host outside 10.0.79.x

If you want ot make access list port specific just add eq 514(SYSLOG MESSAGES)

Thanks,

Pradhuman

Pradhuman, thank you for your answer. See below e route table of ASA, for it the Syslog IP address is on outside interface, but I do not can ping de Syslog server, but someone PC in inside interface with IP 192.168.10.0/24 can ping it.


C    201.55.XXX.XXX 255.255.255.248 is directly connected, outside
C    192.168.10.0 255.255.255.0 is directly connected, inside
S    10.0.79.0 255.255.255.0 [1/0] via 201.55.64.193, outside
S    10.0.121.194 255.255.255.255 [1/0] via 201.55.64.193, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 201.55.64.193, outside

Have some thing to do for the Cisco ASA understand that need send yours packets within VPN? I tryed to put de IP address of ASA in ACL of VPN end set up logging host outside 10.0.79.x, but do not work and the CPU use of ASA stay in 100%.

I dont know what to do...

Rodrigo Alves

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: