Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA to PIX VPN - routing

Hi All,  I've built a site 2 site IPsec tunnel between an ASA 5510 and a PIX.  The tunnel is up, and for the most part traffic flows between source and destination LANs as expected. The problem is we need the ASA to send syslog messages across the VPN tunnel to a syslog server at the PIX site.  If I get on a router at the ASA site, I can ping the syslog server at the PIX site.   The following statement is in the ASA:

route outside pix.net.addr sub.net.mask next.hop

But in the ASA log I see "routing failed" messages for traffic from the ASA to the syslog server.

Apr 08 2010 08:32:01 ASA5510 : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.xx.x.xx/0 to inside:172.xx.x.xx/0

Any thoughts?

Thanks,

Robert

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA to PIX VPN - routing

Hi,

The ASA's public IP needs to be included in the interesting traffic for that tunnel (since that's the IP where the logs are going to be sent from).

Also, the syslog server IP needs to be included in the interesting traffic.

In other words, you should be able to PING from the ASA to the syslog server (through the tunnel).

Federico.

1 REPLY

Re: ASA to PIX VPN - routing

Hi,

The ASA's public IP needs to be included in the interesting traffic for that tunnel (since that's the IP where the logs are going to be sent from).

Also, the syslog server IP needs to be included in the interesting traffic.

In other words, you should be able to PING from the ASA to the syslog server (through the tunnel).

Federico.

476
Views
0
Helpful
1
Replies