topic ASA5506-X Trying to email syslog alerts through Site to Site VPN in Network Security

ASA5506-X Trying to email syslog alerts through Site to Site VPN

Don Bonnice — Tue, 12 Mar 2019 06:21:48 GMT

Hello,

I am attempting to configure email notification of critical syslog messages to use my corporate email server. Testing with a packet capture I noticed the email was being sent over the outside interface and not the inside interface. It appears to be ignoring the NAT statements supporting the VPN.

Is there a way to tell the ASA which interface to use for the SMTP server?

snips from running config below:

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 71.xxx.xxx.xxx 255.255.255.0 

!
interface GigabitEthernet1/3
 nameif inside
 security-level 100
 ip address 10.10.99.1 255.255.255.0

object network Corp
 subnet 172.16.0.0 255.255.0.0
 description Corporate segment

object-group network DM_INLINE_NETWORK_1
 network-object 10.10.99.0 255.255.255.0

access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_1 object Corp

logging enable
logging timestamp
logging list EmailNotification level critical
logging trap notifications
logging asdm informational
logging mail EmailNotification
logging from-address H99fw@xxxxx.com
logging recipient-address fwmon@xxxxx.com level errors
logging device-id hostname
logging host inside 172.16.0.13

nat (inside,outside) source static any any destination static Corp Corp no-proxy-arp route-lookup

smtp-server 172.16.0.2

Any help is appreciated.

Adding packet capture from outside interface with my ip xx'ed out:

9 packets captured

1: 09:32:59.280121 71.xxx.xxx.xxx.34977 > 172.16.0.2.25: S 1280585985:1280585985(0) win 32768 <mss 1460,nop,nop,timestamp 154282920 0>

Packet capture for inside interface had nothing.

Hi Don,This link shall

Dinesh Moudgil — Thu, 30 Jul 2015 15:58:17 GMT

Hi Don,

This link shall address your query:-
How can I specify the ASA source interface for syslogs sent over a VPN tunneI

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116171-qanda-asa-00.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Dinesh, That works fine to

Don Bonnice — Thu, 30 Jul 2015 16:06:37 GMT

Dinesh,

That works fine to send to a syslog server. I dont have a problem with that. I want specific emergency alerts to be sent via email where the email server is on the other end of a VPN.

Don

Here is the thread which

Dinesh Moudgil — Thu, 30 Jul 2015 16:31:52 GMT

Here is the thread which discusses this:-

https://supportforums.cisco.com/discussion/10971551/how-do-i-get-mail-alert-if-site-site-vpn-goes-down-asa-5510

You might want to confirm the specific emergency alerts ID to configure on the ASA.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

I am sorry Dinesh but there

Don Bonnice — Thu, 30 Jul 2015 17:03:24 GMT

I am sorry Dinesh but there must be a lack of communications on my part.

My question is specifically directed at the interface used by the emailing of syslog alerts. It will not use my smtp server going through my VPN. It attempts to email... All that is fine. It is sending out the outside interface instead of using the server mapped via the inside interface. Please see original post.