Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
0
Helpful
1
Replies

transit syslog being dropped

ryancisco01
Level 1
Level 1

‎07-10-2016 11:34 PM - edited ‎03-12-2019 01:00 AM

Hi guys,

here is our setup:

syslog server <-> ASA Internal <-> ASA external

Both ASA's are set to send syslog to the same IP address and the Internal works but the external does not. (Ping to syslog from both asa is working)

What I am seeing is using packet capture on ASA internal, on the interface facing external I can see syslog traffic being received (so this rules external asa out of the picture), however on the ASA internal interface facing syslog server no packets being captured.

I have used packet tracer to simulate the traffic and it shows allowed and appropriate acl is configured (there is no outbound acl configured)

I believe the issue may be due to the fact both ASA's are using 514 as their source port and destination port. I see no other reason for ASA Internal to drop the traffic which it clearly is doing. Is there any reason for ASA to drop traffic if source port are the same?

Can there be any other explanations for this?

thanks!

Labels:
0 Helpful
1 Reply 1

m.kafka
Level 4
Level 4

‎07-12-2016 10:36 AM

Has the "internal ASA" NAT configured?

In that case a NAT-exemption could help.

That's all I can think of with this little information.

Rgds, MiKa

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card