Cisco ASA syslog command issue

goodbye2015
Level 1

Cisco ASA 5550

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
System image file is "disk0:/asa825-k8.bin"

===============================================

Such a thing happened today. My ASA is using a remote syslog server; the previous configuration was as follows:

asa# sh run | include logging
logging enable
logging trap warnings

logging host dmz_service 192.168.100.16

I was creating a new syslog server, 192.168.100.17, using TCP port 11001 to accept remote messages, so I made the following modification.

asa(config)# logging host dmz_service 192.168.100.17 tcp/11001

WARNING: interface Rdundant1.15 security level is 60.

Why did this warning pop up? After that, all traffic between the zones was forbidden on the ASA.

Unbelievably, it recovered when I ran "no logging host dmz_service 192.168.100.17 tcp/11001".

It caused a severe production accident. I still feel confused. Can anybody help me?

Accepted Solution

Please check if the host 192.168.100.17 is reachable from the ASA. On the ASA, if the TCP syslog server is unreachable, it will drop all traffic through the device. This is the default behavior on the ASA.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

To change the default behavior, configure the option "logging permit-hostdown". This will make sure that connections through the ASA are not denied if the syslog server is unreachable from the ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html

Regards

Akhil
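The answer above describes a configuration state worth checking for before it causes an outage: a TCP syslog host defined without "logging permit-hostdown". The following is an added example, not code from the original thread or from Cisco, that audits the text of "show run | include logging" for exactly that condition. The two sample configs are constructed: the first mirrors the poster's change (TCP syslog on 192.168.100.17 port 11001, no permit-hostdown), the second adds the fix from the accepted answer. The default ports used when none is given (UDP 514, TCP 1470) are the ASA documented defaults.

```python
import re

# Constructed sample: the poster's logging config after switching to TCP syslog,
# with no "logging permit-hostdown" (the risky state described in the thread).
RISKY_CONFIG = """\
logging enable
logging trap warnings
logging host dmz_service 192.168.100.17 tcp/11001
"""

# Constructed sample: the same config with the fix from the accepted answer applied.
SAFE_CONFIG = """\
logging enable
logging trap warnings
logging permit-hostdown
logging host dmz_service 192.168.100.17 tcp/11001
"""

# "logging host <interface> <ip> [tcp|udp[/port]]" as it appears in the running config.
LOGGING_HOST_RE = re.compile(
    r"^logging host (?P<ifname>\S+) (?P<ip>\S+)"
    r"(?:\s+(?P<proto>tcp|udp)(?:/(?P<port>\d+))?)?\s*$",
    re.IGNORECASE,
)

# ASA defaults when the port is omitted: UDP 514, TCP 1470.
DEFAULT_PORT = {"udp": 514, "tcp": 1470}


def syslog_hosts(config_text):
    """Return (interface, ip, proto, port) for every 'logging host' line."""
    hosts = []
    for line in config_text.splitlines():
        m = LOGGING_HOST_RE.match(line.strip())
        if not m:
            continue
        proto = (m.group("proto") or "udp").lower()  # no protocol keyword means UDP
        port = int(m.group("port")) if m.group("port") else DEFAULT_PORT[proto]
        hosts.append((m.group("ifname"), m.group("ip"), proto, port))
    return hosts


def permit_hostdown_set(config_text):
    """True if 'logging permit-hostdown' is present in the config."""
    return any(line.strip() == "logging permit-hostdown"
               for line in config_text.splitlines())


def audit_logging(config_text):
    """Return one finding per TCP syslog host that lacks the permit-hostdown safeguard.

    An empty list means the config cannot trigger the traffic-drop behaviour
    described in the thread (either no TCP syslog host, or permit-hostdown is set).
    """
    findings = []
    if permit_hostdown_set(config_text):
        return findings
    for ifname, ip, proto, port in syslog_hosts(config_text):
        if proto == "tcp":
            findings.append(
                f"TCP syslog host {ip}:{port} via {ifname} without "
                "'logging permit-hostdown': ASA blocks traffic if this server is unreachable"
            )
    return findings


if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CONFIG), ("safe", SAFE_CONFIG)):
        print(f"{name}: {audit_logging(cfg) or 'no findings'}")
```

Run it against the saved output of "show run | include logging" from each ASA; any non-empty result is a device that will stop passing traffic if its syslog collector goes down, which is the failure mode the poster hit.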


3 Replies

Ajay Saini
Level 7

Could you please attach the output of 'show nameif'?

-AJ


Got it.

Thank you for your help!
