I am having issues getting my ASA 5540 at site A to pass TFTP and SYSLOG from itself across the IPSEC tunnel to our SYSMON servers (Syslog and TFTP) that live at site B. I have followed the suggestions of other threads and I am still not getting anywhere. Here is a quick topology diagram:
Site A                                Site B
Cisco ASA 5540 <--- IPSEC Tunnel ---> Cisco ASA 5540 ---> Ubuntu Server for TFTP and SYSLOG
IP: 220.127.116.11                    IP: 18.104.22.168   IP: 192.168.8.103
Here is a pertinent config snip:
ASA Version 8.4(2)
 description DC 10MB Drop
 ip address 22.214.171.124 255.255.255.0 standby 126.96.36.199
 ip address 10.168.1.15 255.255.0.0 standby 10.168.1.13
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NET-HOSTED
 subnet 10.168.0.0 255.255.0.0
 description HIO Hosted Servers
object-group network NET-HQ
 description HQ Networks
 network-object 192.168.8.0 255.255.255.0
 network-object 192.168.6.0 255.255.255.0
access-list ACL-HQ-VPN extended permit ip object NET-HOSTED object-group NET-HQ
I have tried both ways and still do not see any logs showing up. I can and have always been able to get logs from a host in the HOSTED network over the VPN, just the ASA will not send its logs over the VPN.
You should add 188.8.131.52<->"Syslog Server IP" into the crypto ACL. The ASA cannot source syslog from the inside interface to a VPN built from outside. So you have to add one more IPSec SA to encapsulate traffic from outside to the syslog server.
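The coverage gap the reply points at can be checked offline. This is an added example, not code from the thread: it parses the objects and ACL from the posted config and tests whether a source/destination pair is selected for the tunnel, assuming ACL-HQ-VPN is the crypto map's match ACL. The host 10.168.1.20 and the names `parse_networks`, `acl_matches` and `SUGGESTED_ACE` are constructed for illustration; NAT and routing are not modelled.

```python
import ipaddress
import re

# Objects and crypto ACL copied from the config in the post above.
CONFIG = """\
object network NET-HOSTED
 subnet 10.168.0.0 255.255.0.0
object-group network NET-HQ
 network-object 192.168.8.0 255.255.255.0
 network-object 192.168.6.0 255.255.255.0
access-list ACL-HQ-VPN extended permit ip object NET-HOSTED object-group NET-HQ
"""
# ACE of the kind the reply suggests: firewall address <-> syslog server.
SUGGESTED_ACE = ("access-list ACL-HQ-VPN extended permit ip "
                 "host 188.8.131.52 host 192.168.8.103\n")

def parse_networks(config):
    """Map each object / object-group name to its IPv4 networks."""
    nets, current = {}, None
    for line in config.splitlines():
        head = re.match(r"object(?:-group)? network (\S+)", line)
        member = re.match(r"\s+(?:subnet|network-object) (\S+) (\S+)", line)
        if head:
            current = head.group(1)
            nets[current] = []
        elif member and current:
            nets[current].append(
                ipaddress.ip_network(f"{member.group(1)}/{member.group(2)}"))
        elif not line.startswith(" "):
            current = None
    return nets

def acl_matches(config, acl, src, dst):
    """True if a 'permit ip' ACE of the named ACL covers src -> dst."""
    nets = parse_networks(config)
    def resolve(kind, value):  # 'host A.B.C.D' or a named object / group
        return [ipaddress.ip_network(value)] if kind == "host" else nets.get(value, [])
    ace = re.compile(rf"access-list {re.escape(acl)} extended permit ip "
                     r"(object-group|object|host) (\S+) (object-group|object|host) (\S+)")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for m in filter(None, map(ace.match, config.splitlines())):
        if (any(s in n for n in resolve(m.group(1), m.group(2)))
                and any(d in n for n in resolve(m.group(3), m.group(4)))):
            return True
    return False

if __name__ == "__main__":
    for src in ("10.168.1.20", "188.8.131.52"):  # constructed host, firewall address
        print(src, acl_matches(CONFIG, "ACL-HQ-VPN", src, "192.168.8.103"))
```

The same check applies to the mirrored ACL on the site B firewall, since both peers must select the flow for the additional SA to come up.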
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: