
ASA to PIX VPN - routing

r.walthall
Level 1

Hi All, I've built a site-to-site IPsec tunnel between an ASA 5510 and a PIX. The tunnel is up, and for the most part traffic flows between source and destination LANs as expected. The problem is we need the ASA to send syslog messages across the VPN tunnel to a syslog server at the PIX site. If I get on a router at the ASA site, I can ping the syslog server at the PIX site. The following statement is in the ASA:

route outside pix.net.addr sub.net.mask next.hop

But in the ASA log I see "routing failed" messages for traffic from the ASA to the syslog server.

Apr 08 2010 08:32:01 ASA5510 : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.xx.x.xx/0 to inside:172.xx.x.xx/0

Any thoughts?

Thanks,

Robert

Accepted Solutions

Hi,

The ASA's public IP needs to be included in the interesting traffic for that tunnel (since that's the IP where the logs are going to be sent from).

Also, the syslog server IP needs to be included in the interesting traffic.

In other words, you should be able to PING from the ASA to the syslog server (through the tunnel).

Federico.
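
The change described in the reply above, sketched as an added configuration example (not part of the original post or reply). All addresses are constructed, and the ACL and crypto map names are hypothetical stand-ins for whatever is already bound to the existing tunnel; the NAT exemption on the PIX is an assumption that applies only if the PIX translates its inside hosts.

```cisco
! Constructed addresses (not from the thread):
!   ASA outside interface IP : 198.51.100.10
!   Syslog server behind PIX : 172.16.50.20
! Hypothetical names: VPN-TO-PIX, OUTSIDE-MAP (seq 10), VPN-TO-ASA, NONAT

! --- ASA 5510 ---
! Add "ASA outside IP -> syslog server" to the crypto ACL of the existing tunnel,
! so traffic originated by the ASA itself is treated as interesting traffic
access-list VPN-TO-PIX extended permit ip host 198.51.100.10 host 172.16.50.20
! Already present for a working tunnel; shown to make the ACL binding explicit
crypto map OUTSIDE-MAP 10 match address VPN-TO-PIX
! Send syslog out of the outside interface so its source matches the entry above
logging enable
logging host outside 172.16.50.20
logging trap informational

! --- PIX (mirror image of the ASA entry) ---
access-list VPN-TO-ASA permit ip host 172.16.50.20 host 198.51.100.10
! Assumption: inside hosts are NATed, so exempt the return traffic
access-list NONAT permit ip host 172.16.50.20 host 198.51.100.10
nat (inside) 0 access-list NONAT

! --- Verify from the ASA ---
! The ping should succeed through the tunnel, and the encaps/decaps counters
! for the new host-to-host SA should increase
ping 172.16.50.20
show crypto ipsec sa peer <pix-outside-ip>
```

If the crypto ACLs on the two peers are not exact mirrors, the new security association will not come up, and syslog sent from the outside interface without a matching entry leaves the ASA unencrypted.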
