https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107727#M687851 <P>I'd like to be able to get syslog data from the remote firewall in our environment. We have pix-to-pix vpns connecting them.</P><P></P><P>It doesn't want to work for us and I'm curious if someone's figured a way for it to work.</P><P></P><P>Thanks in advance.....</P> Fri, 21 Feb 2020 05:52:57 GMT sawyerc 2020-02-21T05:52:57Z https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107727#M687851 <P>I'd like to be able to get syslog data from the remote firewall in our environment. We have pix-to-pix vpns connecting them.</P><P></P><P>It doesn't want to work for us and I'm curious if someone's figured a way for it to work.</P><P></P><P>Thanks in advance.....</P> Fri, 21 Feb 2020 05:52:57 GMT https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107727#M687851 sawyerc 2020-02-21T05:52:57Z https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107728#M687852 <HTML><HEAD></HEAD><BODY><P>We have a central syslog server and manage a large number of pixes. </P><P></P><P>We also want to have the Syslog and SNMP messages run over the VPN tunnel. </P><P></P><P>I believe the problem is that the source address of the messages is the external interface ip. The external interface is not typically covered in a ACL for the VPN tunnel (normally you use the inside addresses).</P><P></P><P>I hope to work on this problem in the next little while and will post the results of the testing.</P><P></P><P></P></BODY></HTML> Fri, 26 Oct 2001 15:31:34 GMT https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107728#M687852 dgs127 2001-10-26T15:31:34Z https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107729#M687853 <HTML><HEAD></HEAD><BODY><P>That sounds like a reasonable description to me of the problem. I've done a little testing with changing the command to reference the outside interface -- that doesn't work either. And if it did, the syslog data would probably be sent in the clear -- not good.</P><P></P><P>I have a vague memory of a thought/or I heard someone ponder on whether or not it'd be possible to build a special tunnel for that traffic.....I haven't been able to visualize a method of doing that yet.......</P><P></P><P>It is nice to know that I'm not the only one trying to do this will less than immediate results -- it means I'm not being totally stupid!! I had it when the answers are a forehead slapper when I hear them!</P><P></P><P></P></BODY></HTML> Sat, 27 Oct 2001 20:49:07 GMT https://community.cisco.com/t5/network-security/getting-syslog-data-through-a-tunnel-in-pix-to-pix-environment/m-p/107729#M687853 sawyerc 2001-10-27T20:49:07Z