08-30-2003 10:49 AM - edited 02-21-2020 12:44 PM
I have the site-to-site VPN set up and functioning OK.
The second step I'd like to try is to send the syslog data to the syslog server on the hub site from the spoke site, and also set up NTP to sync with other Cisco device.
I assume that I should be able to send the traffic through the VPN tunnel to hosts on the hub site. But I saw some denies in the syslog log on the hub site that deny the traffic from the outside interface of the spoke site. Is there anything I am missing?
Can someone help me with this? Thanks.
Harry
08-30-2003 06:32 PM
Do you have the management-access command configured?
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1137951
It is the closest thing to what you seek, but I do not think it will help you - the documentation does not say that it affects either NTP or syslog.
Is the remote site statically addressed? If so, you could adjust your crypto maps such that a tunnel is made from the remote external IP address, and thus the syslog traffic is encrypted. I assume NTP would be similar - I have had a similar problem to yours with regard to syslog traffic, without much of a solution.
08-30-2003 06:36 PM
Try playing with:
logging device-id ipaddress if-name
I am not sure if that will just put the IP address of "if-name" in the syslog data, or if the actual source IP of that interface will be used for transport, thus ensuring that it will be sent through the IPsec tunnel as it meets your crypto map criteria.
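
The crypto-map adjustment suggested in the second reply, sketched as an added PIX 6.3-style configuration fragment (not from the thread or from Cisco documentation). All addresses are constructed, the ACL name `vpn-to-hub`, map name `vpnmap` and sequence number 10 are hypothetical, and it assumes the spoke sources its syslog and NTP packets from its static outside address.

```text
: ---- Spoke PIX (outside = 203.0.113.2, constructed address) ----
: Existing LAN-to-LAN entry (assumed): spoke LAN -> hub LAN
access-list vpn-to-hub permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
: Added entries: traffic the PIX itself originates from its outside address
access-list vpn-to-hub permit udp host 203.0.113.2 host 192.168.1.10 eq syslog
access-list vpn-to-hub permit udp host 203.0.113.2 host 192.168.1.20 eq ntp
crypto map vpnmap 10 match address vpn-to-hub

: Point syslog and NTP at the hub hosts, reached via the outside interface
logging host outside 192.168.1.10
ntp server 192.168.1.20 source outside

: ---- Hub PIX ----
: The hub's crypto ACL must mirror the new entries, otherwise the packets
: arrive outside the expected proxy identities and are denied.
access-list vpn-to-spoke permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-to-spoke permit udp host 192.168.1.10 host 203.0.113.2 eq syslog
access-list vpn-to-spoke permit udp host 192.168.1.20 host 203.0.113.2 eq ntp
: If the hub uses a NAT-exemption ACL (nat 0), it needs the same two
: host-to-host entries so NTP replies return through the tunnel untranslated.
```

After both sides are changed, `show crypto ipsec sa` on the spoke should list a security association for the host-to-host pairs once the first syslog or NTP packet is sent.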