Hi All, I've built a site-to-site IPsec tunnel between an ASA 5510 and a PIX. The tunnel is up, and for the most part traffic flows between source and destination LANs as expected. The problem is we need the ASA to send syslog messages across the VPN tunnel to a syslog server at the PIX site. If I get on a router at the ASA site, I can ping the syslog server at the PIX site. The following statement is in the ASA:
route outside pix.net.addr sub.net.mask next.hop
But in the ASA log I see "routing failed" messages for traffic from the ASA to the syslog server.
Apr 08 2010 08:32:01 ASA5510 : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.xx.x.xx/0 to inside:172.xx.x.xx/0
The ASA's public IP needs to be included in the interesting traffic for that tunnel (since that's the IP where the logs are going to be sent from).
Also, the syslog server IP needs to be included in the interesting traffic.
In other words, you should be able to PING from the ASA to the syslog server (through the tunnel).
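
The crypto ACL change described in the reply above, sketched as an added configuration example that is not part of the original thread. The ACL and crypto map names (VPN_TO_PIX, VPN_TO_ASA, OUTSIDE_MAP) and both addresses are constructed placeholders; add the entries to the ACLs your existing crypto maps already reference.

```cisco
! Constructed placeholders (not from the thread):
!   203.0.113.10  = ASA outside interface address, the source of the syslog packets
!   172.16.50.10  = syslog server on the LAN behind the PIX

! --- ASA 5510 ---
! Add the ASA-to-syslog-server pair to the interesting traffic for the tunnel.
access-list VPN_TO_PIX extended permit ip host 203.0.113.10 host 172.16.50.10
! The crypto map entry for the PIX peer must reference that ACL.
crypto map OUTSIDE_MAP 10 match address VPN_TO_PIX
! Send syslog out the interface where the crypto map is applied.
logging enable
logging host outside 172.16.50.10
logging trap informational

! --- PIX (mirror image of the ASA entry) ---
! Both peers must agree on the protected pair, or the SA will not form.
access-list VPN_TO_ASA permit ip host 172.16.50.10 host 203.0.113.10

! --- Check from the ASA ---
! The ping should succeed through the tunnel, and an IPsec SA should
! appear for the 203.0.113.10 <-> 172.16.50.10 pair.
ping outside 172.16.50.10
show crypto ipsec sa
```

If the PIX translates the syslog server's address, the same host pair also has to be covered by its NAT exemption ACL so the return traffic matches the tunnel.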