
Access-list syntax

mulhollandm
Level 1

Folks,

I'm trying to allow syslog messages from a 1721 but I can't get it working. I've already had a good response but I still can't quite get it right.

Here's my setup:

router:

tunnel int - 145.1.1.10/24

Bri0 int - 145.1.2.10/24

F/a int - 10.1.1.10/24

my pc - 20.1.1.5/24

I have an access-list on the Fast Ethernet int with a line to let the syslog messages thru. I've tried a few syntax changes and I think this should be it, but still no joy:

access-list 101 permit udp host 20.1.1.5 host 10.1.1.10 eq syslog

The list is applied to the Fast Ethernet int as access-group 101 in & I have my statement at the top of a list allowing a number of IPs thru to the other side of the tunnel.

thanks for the help & patience


deilert
Level 6

Do you have a logging source interface statement on the box? I think you have your SA & DA address reversed. The source of the syslog is going to be the router and the destination is going to be your syslog server.

No, I don't have a logging source command. I have a logging 20.1.1.5 command to direct syslog messages to my PC, which is running the syslog server.

thanks

I'll try to reverse my statement & see what happens.

You may also want to add the logging source-interface 10.1.1.10 command. This way the source address for your logging will be the FE IP address that is permitted in your ACL.

Thanks for your assistance - it's all working perfectly now!
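
The reversed source/destination point from the replies, as an added example that is not part of the original thread: a small Python matcher that runs the posted ACE and its reversed form against a syslog datagram. It assumes the datagram leaves the router sourced from 10.1.1.10 toward 20.1.1.5 on UDP 514; `parse_ace`, `evaluate` and the sample packet are constructed here and cover only the `host`/`any` and `eq` forms, not wildcard masks.

```python
# Added example: first-match evaluation of simple IOS extended ACEs.
# Supports only "host A" / "any" addresses and an optional "eq PORT".
from typing import NamedTuple, Optional

PORT_NAMES = {"syslog": 514}  # IOS keyword for UDP port 514

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

class Ace(NamedTuple):
    action: str
    proto: str
    src: Optional[str]    # None means "any"
    dst: Optional[str]
    dport: Optional[int]  # None means no port test

def parse_ace(line: str) -> Ace:
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, rest = tok[2], tok[3], tok[4:]

    def addr() -> Optional[str]:
        kind = rest.pop(0)
        if kind == "any":
            return None
        if kind == "host":
            return rest.pop(0)
        raise ValueError(f"unsupported address form: {kind!r}")

    src, dst = addr(), addr()
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Ace(action, proto, src, dst, dport)

def evaluate(acl: list, pkt: Packet) -> str:
    """First matching ACE wins; every ACL ends with an implicit deny."""
    for ace in map(parse_ace, acl):
        if (ace.proto == pkt.proto and ace.src in (None, pkt.src)
                and ace.dst in (None, pkt.dst) and ace.dport in (None, pkt.dport)):
            return ace.action
    return "deny"

# Constructed sample: router -> syslog server, per the replies above.
SYSLOG = Packet("udp", "10.1.1.10", "20.1.1.5", 514)
ORIGINAL = ["access-list 101 permit udp host 20.1.1.5 host 10.1.1.10 eq syslog"]
REVERSED = ["access-list 101 permit udp host 10.1.1.10 host 20.1.1.5 eq syslog"]
```

`evaluate(ORIGINAL, SYSLOG)` falls through to the implicit deny because the ACE names the PC as the source, while `evaluate(REVERSED, SYSLOG)` matches and permits.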