ASA drops syslog traffic

justinfarmer
Level 1

Ok, I can't for the life of me figure out why internal syslog traffic would be dropped at the firewall.  I've come across a few support forums with comments like 'disable the specific syslog error, etc.', however this does not fix my problem.  I need the syslog messages from my Citrix VM Servers to reach the syslog server, and the firewall is dropping them for some reason:

The syslog error that gets logged:

%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside

Here is my current lab setup:

ubuntu (VM)       --> XenServer           --> ASA 5505
(192.168.1.201)        (192.168.1.200)         (192.168.1.1)

I have tons of hits on rule #2, none on rule #1 for my inside interface access list:

1. access-list inside_access_in extended permit udp any any eq syslog log notifications (put this one in for test... doesn't get any hits)

2. access-list inside_access_in extended permit ip any any log (this is the rule that should allow all internal traffic, right?)

This is the output from 'show logging':

Syslog logging: enabled
    Facility: 16
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level critical, facility 16, 970565 messages logged
        Logging to inside 192.168.1.210 errors: 70  dropped: 1162
    Permit-hostdown logging: disabled
    History logging: disabled
    Device ID: hostname "asa1"
    Mail logging: disabled
    ASDM logging: level warnings, 4035521 messages logged

Thanks!

1 Reply

Kureli Sankar
Cisco Employee

Well, all of these (VM, XenServer and ASA) are on the same subnet, right? Mask is /24?

If so, why are the packets going between 1.200 and 1.210 going to the ASA?

If these are on different subnets, then the topology should look like this:

VM---ASA---Syslog_Server

And, you need to provide translation for the VM host.

static (inside,outside) VM_IP VM_IP

-Kureli
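The diagnostic Kureli describes, checking whether the two endpoints in a 106006 deny message sit on the receiving interface's own subnet (in which case the packet had no business reaching the ASA) or on different subnets (in which case the ASA is legitimately in path and the ACL/NAT on that interface decides), can be scripted over a batch of ASA syslog lines. The script below is an added example, not code from the thread or from Cisco; it assumes the /24 mask the reply asks about, and the second and third log lines are constructed for the example (only the first is the message quoted in the question).

```python
import ipaddress
import re

# Sample ASA syslog lines. The first is the message quoted in the question; the
# other two are constructed for this example and are not from the original thread.
SAMPLE_LOGS = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 10.20.30.40/51000 to 192.168.1.210/514 on interface inside",
    "%ASA-6-302015: Built outbound UDP connection 42 for outside:8.8.8.8/53 (8.8.8.8/53) "
    "to inside:192.168.1.201/51000 (192.168.1.201/51000)",
]

# Assumed lab addressing: the ASA inside interface is 192.168.1.1 on a /24.
# The thread gives the addresses but not the mask; /24 is the reply's guess.
INTERFACE_SUBNETS = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
}

# Field layout of %ASA-x-106006: Deny inbound <proto> from <src>/<sport>
# to <dst>/<dport> on interface <name>
DENY_106006 = re.compile(
    r"%ASA-\d-106006: Deny inbound (?P<proto>\w+) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<iface>\S+)"
)


def parse_106006(line):
    """Return the fields of a 106006 deny message as a dict, or None for any other message."""
    m = DENY_106006.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    return fields


def classify_deny(line, subnets=INTERFACE_SUBNETS):
    """Classify one syslog line by where the denied packet's endpoints sit
    relative to the subnet of the interface that received it."""
    fields = parse_106006(line)
    if fields is None:
        return {"verdict": "not_106006", "line": line}
    subnet = subnets.get(fields["iface"])
    src = ipaddress.ip_address(fields["src"])
    dst = ipaddress.ip_address(fields["dst"])
    if subnet is None:
        verdict = "unknown_interface"
    elif src in subnet and dst in subnet:
        # Both hosts are on the interface's own subnet: the packet should have gone
        # host-to-host at layer 2 and never reached the firewall. Look at the sending
        # host's routing/default gateway and the hypervisor networking, not the ACL.
        verdict = "same_subnet"
    else:
        # Endpoints on different subnets: the ASA is legitimately in path, so the
        # interface ACL (and NAT, where required) decides the fate of the packet.
        verdict = "transit"
    fields["verdict"] = verdict
    fields["line"] = line
    return fields


def summarize(lines, subnets=INTERFACE_SUBNETS):
    """Count verdicts over a batch of syslog lines."""
    counts = {}
    for line in lines:
        verdict = classify_deny(line, subnets)["verdict"]
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        result = classify_deny(entry)
        print(f"{result['verdict']:14s} {entry[:80]}")
    print(summarize(SAMPLE_LOGS))
```

Run against the line from the question, the verdict is same_subnet: 192.168.1.200 and 192.168.1.210 are both on the inside /24, which is exactly the point of the reply. Only lines that come back as transit are worth chasing in the inside_access_in ACL or the NAT configuration.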
