11-20-2013 08:46 PM - edited 03-11-2019 08:07 PM
I have been trying to get my ASA to send syslog out of the management interface without any luck. When I do a packet tracer it says that the global implicit deny rule is blocking it, but I tried to add a permit all in front of it and it still blocks it. Everything is configured correctly from what I can tell and the static routes and routing are correct. This has me baffled. Does anyone know what might be causing this or what I should look at in the config to get this working?
11-21-2013 12:29 AM
Have you removed the management-only command from the interface?
interface mgmt0/0
no management-only
--
Please rate all helpful posts.
11-21-2013 12:30 AM
If you have removed that command, please post a full sanitized running config of your ASA.
--
Please rate all helpful posts.
11-22-2013 01:27 AM
Yes, we removed the management-only command and have tried pretty much everything.
11-22-2013 01:36 AM
Could you please post a full sanitized running config of your ASA?
--
Please rate all helpful posts.
11-23-2013 02:17 PM
Hi Mark,
Talking of packet tracer, it would give you correct output for through-the-box traffic, not for to-the-box or from-the-box traffic.
So firstly we have two questions:
1) If this is through-the-box traffic, then you need to permit the traffic through an ACL (if from a lower security level to a higher one) and add a NAT statement (depending on the ASA IOS version you are using; anything above 8.2.5 won't require a NAT).
2) If this is a syslog-from-the-firewall scenario, then you need to make sure to get the following logging configuration on the ASA:
-logging enable
-logging host management X.X.X.X --------(X.X.X.X is the IP of the syslog server)
-logging trap debugging ----------(debugging is the level; you could use any other too, but to check I would suggest this one)
-Further, if you have already sorted it out up to here, get us the following outputs:
-show run
-show logging
-show logging queue
Hope it helps
Cheers,
Naveen
Please Rate Helpful posts.
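The checklist from the replies above, as an added example that is not part of the original thread: a Python audit of a saved running config for the from-the-box syslog prerequisites the posters name (`logging enable`, `logging host`, `logging trap`, and `management-only` on the logging interface). The sample config, its addresses and the function name `audit_syslog` are constructed for illustration.

```python
import re
from itertools import takewhile

# Constructed sample: a sanitized ASA config fragment, not taken from the thread.
SAMPLE_CONFIG = """\
interface Management0/0
 management-only
 nameif management
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
!
logging host management 192.0.2.50
logging trap debugging
"""

def audit_syslog(config):
    """Return findings for the from-the-box syslog checklist in the thread."""
    findings = []
    ifaces = {}  # nameif -> sub-commands of that interface block
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("interface "):
            continue
        sub = [l.strip() for l in takewhile(lambda l: l.startswith(" "), lines[1:])]
        name = next((l.split()[1] for l in sub if l.startswith("nameif ")), None)
        if name:
            ifaces[name] = sub
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if "logging enable" not in top:
        findings.append("logging is not enabled globally (logging enable)")
    if not any(l.startswith("logging trap ") for l in top):
        findings.append("no logging trap level is set")
    hosts = [l.split() for l in top if l.startswith("logging host ")]
    if not hosts:
        findings.append("no logging host is configured")
    for parts in hosts:
        if len(parts) < 4:
            findings.append("incomplete logging host line: " + " ".join(parts))
            continue
        ifname, ip = parts[2], parts[3]
        if ifname not in ifaces:
            findings.append(f"logging host {ip}: no interface has nameif '{ifname}'")
        elif "management-only" in ifaces[ifname]:
            # The first reply asks whether this was removed; flag it for review.
            findings.append(f"logging host {ip}: '{ifname}' is management-only")
    return findings
```

Calling `audit_syslog(SAMPLE_CONFIG)` on the constructed sample reports the missing `logging enable` and the `management-only` flag on the logging interface.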