Community Member

ASA drops syslog traffic

Ok, I can't for the life of me figure out why internal syslog traffic would be dropped at the firewall.  I've come across a few support forums with comments like 'disable the specific syslog error', etc.; however, this does not fix my problem.  I need the syslog messages from my Citrix VM Servers to reach the syslog server and the firewall is dropping them for some reason:

The syslog error that gets logged:

%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside

Here is my current lab setup:

ubuntu (VM)       --> XenServer           --> ASA 5505

(192.168.1.201)        (192.168.1.200)         (192.168.1.1)

I have tons of hits on rule #2, none on rule #1 for my inside interface access list:

1. access-list inside_access_in extended permit udp any any eq syslog log notifications (put this one in for test... doesn't get any hits)

2. access-list inside_access_in extended permit ip any any log (this is the rule that should allow all internal traffic, right?)

This is the output from 'show logging':

Syslog logging: enabled
    Facility: 16
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level critical, facility 16, 970565 messages logged
        Logging to inside 192.168.1.210 errors: 70  dropped: 1162
    Permit-hostdown logging: disabled
    History logging: disabled
    Device ID: hostname "asa1"
    Mail logging: disabled
    ASDM logging: level warnings, 4035521 messages logged

Thanks!

1 REPLY
Cisco Employee

ASA drops syslog traffic

Well, all of these (the VM, the XenServer and the ASA) are on the same subnet, right? Mask is /24?

If so, why are the packets going between 1.200 and 1.210 going to the ASA?

If these are on different subnets, then the topology should look like this:

VM---ASA---Syslog_Server

And, you need to provide translation for the VM host.

static (inside,outside) VM_IP VM_IP

-Kureli
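As an added example (not part of this thread or any Cisco tool), a small Python triage helper that parses the %ASA-2-106006 message quoted in the question and applies Kureli's same-subnet test to decide whether the drop is a host routing problem or a genuine VM---ASA---Syslog_Server path that needs an ACL permit and a static translation. The /24 mask on inside and the outside subnet are assumptions.

```python
import ipaddress
import re

# Message ID 106006 as quoted in the question:
# %ASA-2-106006: Deny inbound PROTO from SRC/PORT to DST/PORT on interface NAME
DENY_106006 = re.compile(
    r"%ASA-\d-106006: Deny inbound (?P<proto>\w+) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<iface>\S+)"
)

# Constructed interface table: inside is 192.168.1.1 in the thread (mask /24 assumed, as the reply asks); outside is a placeholder.
INTERFACES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "outside": ipaddress.ip_network("203.0.113.0/24"),  # placeholder subnet
}

def parse_deny(line):
    """Return the fields of a 106006 deny message as a dict, or None."""
    m = DENY_106006.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for k in ("sport", "dport"): fields[k] = int(fields[k])
    return fields

def classify(line, interfaces=INTERFACES):
    """Map one log line to (code, explanation) using the reply's reasoning."""
    ev = parse_deny(line)
    if ev is None:
        return ("other", "not a 106006 deny")
    net = interfaces.get(ev["iface"])
    if net is None:
        return ("unknown-interface", "no subnet known for %s" % ev["iface"])
    src = ipaddress.ip_address(ev["src"])
    dst = ipaddress.ip_address(ev["dst"])
    if src in net and dst in net:
        # Both hosts share the ASA's own interface subnet: the firewall should never see this packet.
        return ("same-subnet", "packet should not reach the ASA; check host masks and gateways")
    if src in net:
        # Real VM---ASA---Syslog_Server path: ACL permit plus (on pre-8.3 code) the static translation in the reply.
        return ("cross-subnet", "needs ACL permit and static NAT for the source")
    return ("misrouted", "source is not on the ingress interface subnet")

# Constructed sample: the line from the question plus two made-up variants.
SAMPLE = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 10.0.0.5/514 on interface inside",
    "%ASA-6-302015: Built outbound UDP connection 1 for outside:10.0.0.5/514",
]
```

Running classify over the question's own line returns "same-subnet", which is exactly the point of the reply: the ASA is not the right place to look for that drop.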
