Cisco Support Community
New Member

Write syslog of ASA 5505 to syslog server over VPN tunnel?

Hi,

Is it possible to let the ASA 5505 write its syslog messages to a syslog server on the central network where the ASA 5550 is (over the IPsec tunnel)?

I tried this. The tunnel is up but I get the message "Routing failed to locate next hop for udp from NP (ASA 5505 ip) to inside: (syslog server ip)".

thx,

Marc

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Write syslog of ASA 5505 to syslog server over VPN tunnel?

Mjonkers,

I would like to suggest that you configure the inside interface as the management-access interface. Include the inside interface IP and syslog server IP address in the NAT 0 ACL and crypto ACLs.

You can check out the "management-access" command, for when you want to manage an ASA on its inside interface through the VPN, in the 7.2 command reference below:

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/command/reference/m_72.html#wp1780826

I am currently running the VPN configuration on 8.2 and SNMP polling is working.

Hope this helps.

Thanks
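
A sketch of the configuration this answer describes, in ASA 8.2 syntax, added here as an example and not taken from either poster's devices. The addresses (192.168.10.1 for the 5505 inside interface, 10.20.0.50 for the syslog server) and the ACL names are constructed placeholders standing in for the ACLs already bound to the tunnel's crypto map and to nat 0.

```cisco
! ===== Remote ASA 5505 (constructed addresses and ACL names) =====
! Allow to-the-box and from-the-box management traffic on the inside
! interface to use the VPN tunnel.
management-access inside

! Add the inside interface IP -> syslog server pair to the existing
! crypto ACL so the syslog traffic is treated as interesting traffic.
access-list CRYPTO_TO_HQ extended permit ip host 192.168.10.1 host 10.20.0.50

! Exempt the same pair from NAT (8.2 and earlier "nat 0" syntax).
access-list NONAT extended permit ip host 192.168.10.1 host 10.20.0.50
nat (inside) 0 access-list NONAT

! Send syslog to the central server, bound to the inside interface so
! the messages match the crypto ACL entry above.
logging enable
logging trap informational
logging host inside 10.20.0.50

! ===== Central ASA 5550 =====
! Mirror image of the remote entries: syslog server -> 5505 inside IP.
access-list CRYPTO_TO_BRANCH extended permit ip host 10.20.0.50 host 192.168.10.1
access-list NONAT extended permit ip host 10.20.0.50 host 192.168.10.1

! ===== Checks on the 5505 =====
! show logging          (confirms the syslog host and message counters)
! show crypto ipsec sa  (encaps counter should rise for the new ACL entry)
```

The crypto ACL entries on the two peers must mirror each other exactly; a mismatch leaves the tunnel up for the existing networks while the syslog traffic never matches a security association.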


5 REPLIES
Green

Re: Write syslog of ASA 5505 to syslog server over VPN tunnel?

Yes, this is possible. Since the source of the syslog messages will be the outside interface of the 5505, add this traffic to your crypto acl for the tunnel.

5505

access-list <acl_name> extended permit ip host <5505.outside.ip.address> host <syslog.server.ip>

logging host outside <syslog.server.ip>

5550

access-list <acl_name> extended permit ip host <syslog.server.ip> host <5505.outside.ip.address>

access-list <acl_name> extended permit ip host <syslog.server.ip> host <5505.outside.ip.address>

New Member

Re: Write syslog of ASA 5505 to syslog server over VPN tunnel?

Hi, I have no luck with this. There are no syslog messages coming in from the ASA 5505. Any suggestions?

thx,

Marc

New Member

Re: Write syslog of ASA 5505 to syslog server over VPN tunnel?

The 5505 has internal 137.x.x.x, outside a 10.x.x.x NATted on an ADSL router which has 85.x.x.x.

The 5550 has 137.x.x.x inside and another 137.x.x.x for the outside in another VLAN.

Which one must I use?

thx,

Marc

Green

Re: Write syslog of ASA 5505 to syslog server over VPN tunnel?

Could you post clean configs from both ASAs?

