transit syslog being dropped

ryancisco01 — Tue, 12 Mar 2019 08:00:38 GMT

Hi guys,

here is our setup:

syslog server <-> ASA Internal <-> ASA external

Both ASA's are set to send syslog to the same IP address and the Internal works but the external does not. (Ping to syslog from both asa is working)

What I am seeing is using packet capture on ASA internal, on the interface facing external I can see syslog traffic being received (so this rules external asa out of the picture), however on the ASA internal interface facing syslog server no packets being captured.

I have used packet tracer to simulate the traffic and it shows allowed and appropriate acl is configured (there is no outbound acl configured)

I believe the issue may be due to the fact both ASA's are using 514 as their source port and destination port. I see no other reason for ASA Internal to drop the traffic which it clearly is doing. Is there any reason for ASA to drop traffic if source port are the same?

Can there be any other explanations for this?

thanks!

Has the "internal ASA" NAT

m.kafka — Tue, 12 Jul 2016 17:36:13 GMT

Has the "internal ASA" NAT configured?

In that case a NAT-exemption could help.

That's all I can think of with this little information.

Rgds, MiKa

topic Has the "internal ASA" NAT in Network Security

transit syslog being dropped

Has the "internal ASA" NAT