Getting syslog data through a tunnel in PIX-to-PIX environment

sawyerc
Level 1

I'd like to be able to get syslog data from the remote firewall in our environment. We have PIX-to-PIX VPNs connecting them.

It doesn't want to work for us and I'm curious if someone's figured a way for it to work.

Thanks in advance.....

2 Replies

dgs127
Level 1

We have a central syslog server and manage a large number of PIXes.

We also want to have the Syslog and SNMP messages run over the VPN tunnel.

I believe the problem is that the source address of the messages is the external interface IP. The external interface is not typically covered in an ACL for the VPN tunnel (normally you use the inside addresses).

I hope to work on this problem in the next little while and will post the results of the testing.

That sounds like a reasonable description to me of the problem. I've done a little testing with changing the command to reference the outside interface -- that doesn't work either. And if it did, the syslog data would probably be sent in the clear -- not good.

I have a vague memory of a thought/or I heard someone ponder on whether or not it'd be possible to build a special tunnel for that traffic.....I haven't been able to visualize a method of doing that yet.......

It is nice to know that I'm not the only one trying to do this with less than immediate results -- it means I'm not being totally stupid!! I hate it when the answers are a forehead slapper when I hear them!
