02-07-2015 09:54 AM - edited 03-11-2019 10:28 PM
Hi Everyone,
Firewall inside IP is 10.0.0.1
Kiwi syslog server is connected to firewall inside interface IP 10.0.0.10
config
ASA1# sh run loggi$
logging enable
logging timestamp
logging buffer-size 50000
logging buffered informational
logging asdm informational
logging host inside 10.0.0.10
logging permit-hostdown
I can ping from both devices to each other.
ASA1# ping inside 10.0.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Ran the packet tracer
ASA1# packet-tracer input inside udp 10.0.0.1 514 10.0.0.10 syslog
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) after-auto source static inside inside destination static inside inside
Additional Information:
NAT divert to egress interface outside
Untranslate 10.0.0.10/514 to 10.0.0.10/514
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
As they are behind the same interface, no ACL is needed, right?
Regards
MAhesh
02-07-2015 10:45 AM
Hi Mahesh,
Your configuration looks fine.
Packet tracer won't work for traffic from the firewall - only for traffic THROUGH the firewall. To validate in this case, you are better off doing a packet capture to verify that any traffic originated by the ASA is leaving and going to the syslog server destination.
Have you checked the Kiwi syslog server and defined your ASA as a source there? Until you do, it won't display any syslog traffic received.
02-07-2015 09:33 PM
Hi Marvin,
Thanks for explaining packet tracer to me.
The issue was fixed by adding syslog port info under the command below:
ASA1(config)# logging host inside 10.0.0.10 ?
configure mode commands/options:
WORD Enter <protocol/port>, The protocol over which the syslog message is
sent, could be TCP or UDP. The allowable range for ports is 1025
through 65535. The default is port 514 for UDP and 1470 for TCP
Earlier, when I configured logging host inside 10.0.0.10, I did not specify port info.
Now I have configured port info, and when I do sh run logging
ASA1(config)# sh run logging
logging enable
logging timestamp
logging buffer-size 50000
logging buffered informational
logging trap informational
logging asdm informational
logging host inside 10.0.0.10
logging permit-hostdown
it still does not show the syslog port which I configured.
Regards
MAhesh
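Added example (not written by any poster in this thread, and not Cisco code): a small Python check that reads `sh run logging` output and reports what is missing for delivery to a syslog host, run on the two outputs posted above. The ASA sends messages to `logging host` targets only at the level set by `logging trap`; the `protocol/port` pattern after the host address (protocol name or IP protocol number) is an assumption about how a non-default target is displayed.

```python
import re

# "sh run logging" output from the first post, copied from this thread.
FIRST_POST = """\
logging enable
logging timestamp
logging buffer-size 50000
logging buffered informational
logging asdm informational
logging host inside 10.0.0.10
logging permit-hostdown
"""
# Output from the last post: identical apart from the added "logging trap" line.
LAST_POST = FIRST_POST.replace(
    "logging asdm", "logging trap informational\nlogging asdm")

# Assumption: a non-default target is written as protocol/port after the address.
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: ([^\s/]+)/(\d+))?")
PROTOCOLS = {"6": "tcp", "17": "udp", "tcp": "tcp", "udp": "udp"}
DEFAULT_PORT = {"udp": 514, "tcp": 1470}  # defaults quoted in the CLI help


def audit_logging(config):
    """Return syslog hosts and findings for one 'sh run logging' output."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    hosts, findings = [], []
    for ln in lines:
        m = HOST_RE.match(ln)
        if m:
            iface, ip, proto, port = m.groups()
            proto = PROTOCOLS.get((proto or "udp").lower(), "unknown")
            port = int(port) if port else DEFAULT_PORT.get(proto)
            hosts.append((iface, ip, proto, port))
    if "logging enable" not in lines:
        findings.append("logging is not enabled")
    if not hosts:
        findings.append("no 'logging host' line found")
    if not any(ln.startswith("logging trap ") for ln in lines):
        findings.append("no 'logging trap' level: nothing goes to syslog hosts")
    if any(h[2] == "tcp" for h in hosts) and "logging permit-hostdown" not in lines:
        findings.append("TCP syslog host without 'logging permit-hostdown'")
    return {"hosts": hosts, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("first post", FIRST_POST), ("last post", LAST_POST)):
        print(name, audit_logging(cfg))
```

A host line with no protocol/port is reported with the UDP 514 default, which is why both outputs resolve to the same target.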