Ok, I can't for the life of me figure out why internal syslog traffic would be dropped at the firewall. I've come across a few support forums with comments like 'disable the specific syslog error, etc.', however this does not fix my problem. I need the syslog messages from my Citrix VM servers to reach the syslog server, and the firewall is dropping them for some reason:
The syslog error that gets logged:
%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside
Here is my current lab setup:
ubuntu (VM) 192.168.1.201 --> XenServer 192.168.1.200 --> ASA 5505 192.168.1.1
I have tons of hits on rule #2, none on rule #1 for my inside interface access list:
1. access-list inside_access_in extended permit udp any any eq syslog log notifications (put this one in for testing... doesn't get any hits)
2. access-list inside_access_in extended permit ip any any log (this is the rule that should allow all internal traffic, right?)
This is the output from 'show logging':
Syslog logging: enabled
Facility: 16
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level critical, facility 16, 970565 messages logged
Logging to inside 192.168.1.210 errors: 70 dropped: 1162
Permit-hostdown logging: disabled
History logging: disabled
Device ID: hostname "asa1"
Mail logging: disabled
ASDM logging: level warnings, 4035521 messages logged
Thanks!
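One way to triage a flood of these 106006 denies before touching the access-lists, as an added example that is not part of the post above: a small Python parser that pulls source, destination, ports and interface out of each `%ASA-2-106006` line and classifies the packet relative to the subnet of the interface it arrived on. The useful signal for a case like this one is the "intra-subnet" category: when both endpoints live on the inside segment, the packet should have been switched host-to-host and never reached the firewall, so the sending host's routing or netmask is the first thing to verify. The interface-to-subnet map (192.168.1.0/24 for `inside`) is an assumption, since the post gives the ASA's inside address but not its mask; the sample log lines other than the post's own are constructed.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Message format as quoted in the post, e.g.
# %ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside
DENY_RE = re.compile(
    r"%ASA-\d-106006: Deny inbound (?P<proto>[A-Za-z]+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) on interface (?P<iface>\S+)"
)

# Assumed interface-to-subnet map. The post shows the ASA inside address as
# 192.168.1.1 but no mask, so the /24 here is an assumption for this example.
IFACE_SUBNETS = {"inside": ipaddress.ip_network("192.168.1.0/24")}


@dataclass(frozen=True)
class DenyEvent:
    proto: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    iface: str


def parse_deny(line: str) -> Optional[DenyEvent]:
    """Return a DenyEvent for a 106006 line, or None for any other message."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    return DenyEvent(
        proto=m.group("proto").upper(),
        src=ipaddress.ip_address(m.group("src")),
        sport=int(m.group("sport")),
        dst=ipaddress.ip_address(m.group("dst")),
        dport=int(m.group("dport")),
        iface=m.group("iface"),
    )


def classify(ev: DenyEvent) -> str:
    """Categorise the denied packet relative to the subnet of the receiving interface.

    intra-subnet   both endpoints are on the interface's own segment; the sender
                   forwarded to the firewall instead of directly to the peer
    src-off-subnet source address does not belong to the interface's segment
    routed         local source, remote destination (normal firewall path)
    """
    net = IFACE_SUBNETS.get(ev.iface)
    if net is None:
        return "unknown-interface"
    if ev.src in net and ev.dst in net:
        return "intra-subnet"
    if ev.src not in net:
        return "src-off-subnet"
    return "routed"


def summarize(lines: Iterable[str]) -> Counter:
    """Count 106006 denies per (category, protocol, destination port)."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_deny(line)
        if ev is not None:
            counts[(classify(ev), ev.proto, ev.dport)] += 1
    return counts


# Constructed sample: the post's own line, two made-up variants, and one
# unrelated message that the parser must ignore.
SAMPLE_LOG = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.201/514 to 192.168.1.210/514 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 10.20.30.40/514 on interface inside",
    "%ASA-6-302015: Built outbound UDP connection 12345 for outside:8.8.8.8/53 ...",
]

if __name__ == "__main__":
    for (category, proto, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{category:<15} {proto:<4} dport={dport:<5} count={n}")
```

Feed it the output of `show logging` from the buffer or the syslog server's archive; a dominant "intra-subnet" bucket on UDP/514 points at the sending hosts rather than at the access-list, while a "src-off-subnet" bucket is the one worth looking at for anti-spoofing reasons.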