https://community.cisco.com/t5/network-security/asa-drops-syslog-traffic/m-p/1976819#M440859 <HTML><HEAD></HEAD><BODY><P>Well, all these VM, XenServer and ASA are on the same subnet right? Mask is /24?</P><P>If so, why are the packets going between 1.200 to 1.210 going to the ASA?</P><P></P><P>If these are on different subnet then the topology should look like this:</P><P></P><P>VM---ASA---Syslog_Server</P><P></P><P>And, you need to provide translation for the VM host.</P><P>static (inside,outside) VM_IP VM_IP</P><P></P><P>-Kureli</P></BODY></HTML> Mon, 18 Jun 2012 21:37:31 GMT Kureli Sankar 2012-06-18T21:37:31Z https://community.cisco.com/t5/network-security/asa-drops-syslog-traffic/m-p/1976818#M440858 <P>Ok, I can't for the life of my figure out why <STRONG>internal</STRONG> syslog traffic would be dropped at the firewall.&nbsp; I've come across a few support forums with comments like 'disable the specific syslog error, etc.' however this does not fix my problem.&nbsp; I need the syslog messages from my Citrix VM Servers to reach the syslog server and the firewall is dropping them for some reason:</P><P></P><P>The syslog error that gets logged:</P><P><STRONG>%ASA-2-106006: Deny inbound UDP from 192.168.1.200/514 to 192.168.1.210/514 on interface inside </STRONG></P><P></P><P></P><P>Here is my current lab setup:</P><P><STRONG>ubuntu (VM)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&gt; XenServer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&gt; ASA 5505</STRONG></P><P>(192.168.1.201)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (192.168.1.200)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (192.168.1.1)</P><P></P><P>I have tons of hits on rule #2, none on rule #1 for my inside interface access list:</P><P><STRONG>1. access-list inside_access_in extended permit udp any any eq syslog log notifications </STRONG><EM>(put this one in for test... doesn't get any hits)</EM></P><P><STRONG>2. access-list inside_access_in extended permit ip any any log </STRONG><EM>(this is the rule that should allow all internal traffic, right?)</EM></P><P></P><P>This is the output from 'show logging'</P><P><STRONG>Syslog logging: enabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Facility: 16</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Timestamp logging: enabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Standby logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Debug-trace logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Console logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Monitor logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Buffer logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Trap logging: level critical, facility 16, 970565 messages logged</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Logging to inside 192.168.1.210 errors: 70&nbsp; dropped: 1162</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Permit-hostdown logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; History logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Device ID: hostname "asa1"</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; Mail logging: disabled</STRONG></P><P><STRONG>&nbsp;&nbsp;&nbsp; ASDM logging: level warnings, 4035521 messages logged</STRONG></P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 23:19:05 GMT https://community.cisco.com/t5/network-security/asa-drops-syslog-traffic/m-p/1976818#M440858 justinfarmer 2019-03-11T23:19:05Z https://community.cisco.com/t5/network-security/asa-drops-syslog-traffic/m-p/1976819#M440859 <HTML><HEAD></HEAD><BODY><P>Well, all these VM, XenServer and ASA are on the same subnet right? Mask is /24?</P><P>If so, why are the packets going between 1.200 to 1.210 going to the ASA?</P><P></P><P>If these are on different subnet then the topology should look like this:</P><P></P><P>VM---ASA---Syslog_Server</P><P></P><P>And, you need to provide translation for the VM host.</P><P>static (inside,outside) VM_IP VM_IP</P><P></P><P>-Kureli</P></BODY></HTML> Mon, 18 Jun 2012 21:37:31 GMT https://community.cisco.com/t5/network-security/asa-drops-syslog-traffic/m-p/1976819#M440859 Kureli Sankar 2012-06-18T21:37:31Z