New Member

Cisco 2811 & Pix501 Logging Blues...


I am trying to pass syslog from outside interface to server that sits behind pix firewall. Details as follows.

Cisco2811 (LAN)
Cisco Pix (Outside Interface) (Inside Interface)
Syslog sitting on:
I set up the 2811 to pass the syslog to

Trying to get the Pix to route all inbound UDP 514 traffic from the Cisco 2811 (Inside interface) to I would like to keep the outside Cisco 2811 traffic visible in the syslog so I can tell between Pix, 2811, and VPN 2005 that is logging to..

Here is the deal. The syslog is listening on UDP 514. All other network devices are logging to this port. (VPN, PIX, 2950's, Aironet) The Cisco 2811 is set up for logging but nothing comes through on UDP 514. When I allow all UDP traffic from Cisco through Pix firewall to syslog it works. It would not be good to all UDP traffic. What gives here? Anyone with suggestions or feedback on this? I researched and could not find anything helpful.



Re: Cisco 2811 & Pix501 Logging Blues...


Can you provide the ACL that you have configured in the PIX to allow the syslog traffic from the 2811?

Also provide the logging configuration commands that you have in your 2811.


logging source-interface

New Member

Re: Cisco 2811 & Pix501 Logging Blues...

Cisco 2811

premise#show logging
Syslog logging: enabled (0 messages dropped, 527 messages rate-limited,
    0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level critical, 0 messages logged, xml disabled,
    filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
    filtering disabled
Buffer logging: level debugging, 2542 messages logged, xml disabled,
    filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level debugging, 2542 message lines logged
Logging to, 2542 message lines logged, xml disabled,
    filtering disabled


PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password L encrypted
passwd encrypted
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name Cisco2811
name syslog
access-list deny-flow-max 200
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit udp host Cisco2811 host syslog eq syslog
access-list inside_access_in permit ip any any
pager lines 24
logging on
logging timestamp
logging monitor critical
logging trap debugging
logging facility 23
logging device-id hostname
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute retry 4
ip address inside
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action
ip audit attack action
pdm location syslog inside
pdm location Cisco2811 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0 0
static (inside,outside) syslog syslog netmask 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside Cisco2811 1
http inside
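
An added example, not part of the thread: a small first-match evaluator for the posted `outside_access_in` entries. It shows that the syslog permit matches only when the datagram's source address is exactly the one bound to the name `Cisco2811`, which is what `logging source-interface` on the router controls. The IP addresses are constructed (the thread does not show the real ones), and the second router address is an assumption.

```python
import ipaddress

# Constructed addresses (RFC 5737 ranges); the thread does not show the real ones.
NAMES = {"Cisco2811": "192.0.2.1", "syslog": "198.51.100.10"}
PORTS = {"syslog": 514}

# Entries copied from the posted PIX 6.3(5) configuration.
ACL = """\
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit udp host Cisco2811 host syslog eq syslog
"""

def take_addr(tokens):
    """Consume 'any', 'host X' or 'addr mask' from tokens; return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        name = tokens.pop(0)
        return ipaddress.ip_network(NAMES.get(name, name) + "/32")
    return ipaddress.ip_network(f"{NAMES.get(first, first)}/{tokens.pop(0)}")

def first_match(acl_text, acl_id, proto, src, dst, dport):
    """Return (action, entry) for the first matching entry, else the implicit deny.
    ICMP type keywords are not evaluated; only ip/udp/tcp entries are checked fully."""
    pkt_src, pkt_dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", acl_id] or tokens[2] not in ("permit", "deny"):
            continue
        action, entry_proto, rest = tokens[2], tokens[3], tokens[4:]
        src_net, dst_net = take_addr(rest), take_addr(rest)
        if entry_proto not in ("ip", proto):
            continue
        if pkt_src not in src_net or pkt_dst not in dst_net:
            continue
        if rest[:1] == ["eq"] and (PORTS.get(rest[1]) or int(rest[1])) != dport:
            continue
        return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    # 192.0.2.254 stands for a different interface address on the same router (assumed).
    for src in ("192.0.2.1", "192.0.2.254"):
        print(src, first_match(ACL, "outside_access_in", "udp", src, NAMES["syslog"], 514))
```

Comparing the source address seen in the PIX deny log entries with the address bound to `Cisco2811` is the equivalent check on the live device.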
