11-11-2009 04:42 AM - edited 02-21-2020 03:47 AM
Hi,
Is it possible to let the ASA 5505 write it's syslog messages to a syslog server on the central network where the ASA 5550 is? (over the ipsec tunnel?)
I tried this. The tunnel is up but I get the message Routing failed to locate next hop for udp from NP (ASA 5505 ip) to inside: (syslog server ip).
thx,
Marc
Solved! Go to Solution.
11-20-2009 05:56 PM
Mjonkers,
I would like to suggest that you configure the inside interface as the management-access interface. Include the inside interface IP and syslog server IP address on the NAT 0 ACL and crypto ACLS.
You can checkout the "management-access" when you want to managed an ASA on its inside interface through the VPN 7.2 command referrence below:
http://www.cisco.com/en/US/customer/docs/security/asa/asa72/command/reference/m_72.html#wp1780826
I am currently running the VPN configuration on 8.2 and SNMP polling is working.
Hope this helps.
Thanks
11-11-2009 06:00 AM
Yes, this is possible. Since the source of the syslog messages will be the outside interface of the 5505, add this traffic to your crypto acl for the tunnel.
5505
access-list
logging host outside
5550
access-list
access-list
11-11-2009 10:51 PM
Hi I have no luck with this. There are no syslogs messages comming in from the asa 5505. Any suggestions.
thx,
Marc
11-11-2009 10:59 PM
the 5505 has internal 137.x.x.x, outside a 10.x.x.x natted on a adsl router wich has 85.x.x.x.
The 5550 has 137.x.x.x inside and an outher 137.x.x.x for the outside in an other vlan.
Which one must i use?
thx,
Marc
11-12-2009 06:05 AM
Could you post clean configs from both ASAs?
11-20-2009 05:56 PM
Mjonkers,
I would like to suggest that you configure the inside interface as the management-access interface. Include the inside interface IP and syslog server IP address on the NAT 0 ACL and crypto ACLS.
You can checkout the "management-access" when you want to managed an ASA on its inside interface through the VPN 7.2 command referrence below:
http://www.cisco.com/en/US/customer/docs/security/asa/asa72/command/reference/m_72.html#wp1780826
I am currently running the VPN configuration on 8.2 and SNMP polling is working.
Hope this helps.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide