
Outbound internet access not allowed when syslog server is rebooted

l8nite4me2
Level 1

Hello and thank you for taking the time to view this question.

I have recently set up Splunk to receive my syslog messages from my ASA 5510. In the past I used Kiwi without observing this issue, but I needed more features than Kiwi had available. Anyway, anytime I stop the Splunk service my ASA does not allow any outbound connections to be established.

Any ideas would be appreciated and any further information you need just ask. I didn't want to clog up the post with a lot of erroneous clutter.

Thanks

Accepted Solutions

Maykol Rojas
Cisco Employee

By default, if the syslog is running via TCP, and the ASA cannot access it or cannot reach it, it will stop all traffic across it until it has connectivity again.

To avoid this, use the logging on UDP or use the following command:

logging permit-hostdown

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773624

Cheers

Mike
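
Added example, not part of the original thread or Cisco's own tooling: a small check that reads saved ASA configuration text and reports whether a TCP syslog host is configured without `logging permit-hostdown`, the combination the answer above describes. The function name `audit_asa_syslog` and the sample configurations are constructed for illustration; it assumes logging is enabled and that a TCP host may be written as `tcp/<port>` or as IP protocol number `6/<port>`.

```python
import re

# Constructed sample configs (not from the thread); addresses are documentation ranges.
BLOCKING = """\
logging enable
logging trap informational
logging host inside 192.0.2.10 tcp/1470
"""
PERMIT = BLOCKING + "logging permit-hostdown\n"
UDP = """\
logging enable
logging host inside 192.0.2.10
logging host inside 192.0.2.11 udp/5514
"""

# "logging host <interface> <address> [<proto>/<port>]"; no proto means UDP.
# Assumption: TCP may appear as "tcp" or as IP protocol number 6.
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: (\w+)/(\d+))?", re.I)


def audit_asa_syslog(config):
    """Return TCP syslog hosts and whether their outage would block new connections."""
    tcp_hosts, permit_hostdown = [], False
    for raw in config.splitlines():
        line = raw.strip()
        # Exact match, so a "no logging permit-hostdown" line is not counted.
        if line.lower() == "logging permit-hostdown":
            permit_hostdown = True
            continue
        m = HOST_RE.match(line)
        if m and (m.group(3) or "udp").lower() in ("tcp", "6"):
            tcp_hosts.append((m.group(1), m.group(2), int(m.group(4))))
    return {
        "tcp_hosts": tcp_hosts,
        "permit_hostdown": permit_hostdown,
        # TCP syslog without permit-hostdown: new connections stop while the host is down.
        "blocks_when_down": bool(tcp_hosts) and not permit_hostdown,
    }


if __name__ == "__main__":
    for name, cfg in (("tcp only", BLOCKING), ("tcp + permit-hostdown", PERMIT), ("udp", UDP)):
        r = audit_asa_syslog(cfg)
        print(f"{name}: blocks_when_down={r['blocks_when_down']} tcp_hosts={r['tcp_hosts']}")
```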


Mike,

UGH, I knew that. Sometimes you go brain dead on the simplest things.

Thanks for the help
