Trouble sending syslog and setting up NTP through VPN tunnel

harry.jeng
Level 1

I have the site-to-site VPN set up and functioning OK.

The second step I would like to try is to send the syslog data to the syslog server on the hub site from the spoke site and also set up NTP to sync with other Cisco devices.

I assume that I should be able to send the traffic through the VPN tunnel to hosts on the hub site. But I saw some denies in the syslog log on the hub site that deny the traffic from the outside interface of the spoke site. Is there anything I am missing?

Can someone help me with this? Thanks.

Harry

2 Replies

mostiguy
Level 6

Do you have the management-access command configured?

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1137951

It is the closest thing to what you seek, but I do not think it will help you - the documentation does not say that it affects either NTP or syslog.

Is the remote site statically addressed? If so, you could adjust your crypto maps such that a tunnel is made from the remote external IP address, and thus the syslog traffic is encrypted. I assume NTP would be similar - I have had a similar problem to yours with regard to syslog traffic, without much of a solution.

Try playing with:

logging device-id ipaddress if-name

I am not sure if that will just put the IP address of "if-name" in the syslog data, or if the actual source IP of that interface will be used for transport, thus ensuring that it will be sent through the IPsec tunnel as it meets your crypto map criteria.
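
A sketch of the crypto-map adjustment suggested in the reply above, added here as an illustration and not posted by anyone in the thread. It assumes PIX 6.3 syntax and a statically addressed spoke; the ACL number, the map name `vpnmap`, and every address (203.0.113.10 as the spoke outside IP, 192.168.1.50 as the hub syslog server, 192.168.1.60 as the hub NTP source) are constructed placeholders.

```text
: Spoke PIX (constructed example; all names and addresses are placeholders)
: Existing LAN-to-LAN interesting traffic
access-list 110 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
: Add traffic sourced from the spoke's own outside address, so that
: syslog and NTP generated by the firewall itself match the crypto ACL
access-list 110 permit udp host 203.0.113.10 host 192.168.1.50 eq syslog
access-list 110 permit udp host 203.0.113.10 host 192.168.1.60 eq ntp
crypto map vpnmap 10 match address 110

: Send syslog and NTP out the outside interface toward the hub hosts
logging host outside 192.168.1.50
logging on
ntp server 192.168.1.60 source outside

: Hub PIX: the crypto ACL for this peer must mirror the spoke entries
access-list 120 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 120 permit udp host 192.168.1.50 host 203.0.113.10 eq syslog
access-list 120 permit udp host 192.168.1.60 host 203.0.113.10 eq ntp
```

If the two crypto ACLs are not exact mirrors, the IPsec SA for the firewall-sourced traffic will not be negotiated and the hub will keep logging the packets as denied cleartext arriving on its outside interface.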