10-16-2013 07:45 AM - edited 03-11-2019 07:52 PM
Hello Everyone,
I have my ASA (5512 running 9.0(2)) at X.X.2.20 and my syslog server is at X.X.3.16. Will it be possible to send the syslog traffic through my management interface?
i.e., logging host management X.X.3.16
Will this be possible, or should I mention my Inside interface for logging?
10-16-2013 08:59 AM
The short answer is yes, but this is going to depend on the routing topology and IPS environment. On older ASA hardware without IPS, you can turn off "management-only", which would allow secondary uses such as logging. On new 5512-x hardware with IPS, you can't, and the logging has to go via some other interface. If the firewall only has one IP address then it is presumably running in transparent mode; there would have to be a connected router or layer-3 switch which could forward packets from the x.x.2 subnet to x.x.3 subnet. Also, management interfaces tend to be lower bandwidth than the main interfaces; depending on your traffic levels this is probably not a further obstacle.
Personally, I run my ASA 5525-x firewalls in routed mode, and am lucky enough to be able to put syslog servers on-link with them via connected interfaces. However, as long as the routing topology will deliver the packets, the syslog server can be anywhere, even upstream of the outside interface. An example configuration which might work in the situation you are describing:
interface management0/0
nameif management
no management-only
security-level 100
ip address x.x.2.20 255.255.255.0
logging host management x.x.3.16
-- Jim Leinweber, WI State Lab of Hygiene
10-16-2013 09:03 AM
Hi,
If the Syslog server is located at the Branch office and Branch office network is located behind your "inside" interface then you could use the "inside" interface in the "logging" command to send the Syslog through that interface.
- Jouni
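Both answers above come down to the same check: find the interface the ASA's routing table would use to reach the syslog server, and only then put that nameif in the "logging host" command. The following Python is an added example, not code from the thread or from Cisco; it parses constructed "show route" output (sample addresses stand in for the poster's X.X.2.0 and X.X.3.0 networks), does a longest-prefix match for the server, and refuses to build the command when the egress interface is still management-only.

```python
import ipaddress
import re

# Constructed sample of ASA "show route" output (not taken from the thread).
# 10.1.2.0/24 plays the main-office network, 10.1.3.0/24 the branch office.
SHOW_ROUTE = """\
C    10.1.2.0 255.255.255.0 is directly connected, inside
C    10.9.0.0 255.255.255.0 is directly connected, management
S    10.1.3.0 255.255.255.0 [1/0] via 10.1.2.1, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
"""

# code, network, mask, anything, ", <nameif>" at end of line
ROUTE_RE = re.compile(r"^\S+\s+(\S+)\s+(\S+)\s+.*?,\s*(\S+)\s*$")


def parse_show_route(text):
    """Return (network, nameif) pairs from ASA 'show route' lines."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        net, mask, ifc = m.groups()
        routes.append((ipaddress.ip_network(f"{net}/{mask}"), ifc))
    return routes


def egress_interface(routes, host):
    """Longest-prefix match: the nameif the ASA would use to reach host."""
    addr = ipaddress.ip_address(host)
    best = max((r for r in routes if addr in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None


def logging_host_line(routes, host, management_only=("management",)):
    """Build 'logging host <nameif> <ip>'; management_only lists nameifs
    that still carry the management-only setting (assumed, per the thread)."""
    ifc = egress_interface(routes, host)
    if ifc is None:
        raise ValueError(f"no route to syslog server {host}")
    if ifc in management_only:
        raise ValueError(f"{host} is reached via {ifc}, which is management-only; "
                         "clear 'management-only' or log via a data interface")
    return f"logging host {ifc} {host}"
```

Feed it the real "show route" output and the list of interfaces that are still management-only, and the returned line is the one to paste into the ASA.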
10-16-2013 08:43 AM
Hi,
Where is the Syslog server IP located according to the ASA routing table?
- Jouni
10-16-2013 08:58 AM
Hello Jouni,
my syslog server is at one location (Branch office) and the firewall is at main Office.
this is my topology
Firewall<----------->Internal Router<----------->branch office router------->syslog server
the main office has X.X.2.0 network and the branch office has 3.0 network.
I am sure that I can't use the management network to route the syslog traffic, but is there any way to do it? And will it be OK if I mention the Inside interface instead of Management in the command "logging host inside X.X.3.16" to route the syslog traffic to the server, or is there any extra configuration?
thanks
--
Raj
10-16-2013 10:14 AM
Hello James,
Thank you for the response. I am working on the Old ASA without IPS and It is running in Routed mode.
It is not letting me push the command "no management-only". I think I need to use the inside interface to route this traffic.
Yet I am curious to know if we can still use the management interface to route this traffic.
Thanks for your help.
--
Raj