syslog asa help required

elite2010 · ‎05-07-2017

Hi,

Here is the syslog from asa

where OUTSIDE-1.1.1.1 is the outside interface name the ip address 1.1.1.1 and remote ip is 2.2.2.2 :636

The asa is trying to connect using the outside interface (1.1.1.1) to remote 2.2.2.2 :636

What does it mean by the below logs

6|Apr 30 2017|11:32:26|302014|2.2.2.2|636|OUTSIDE-1.1.1.1|34417|Teardown TCP connection 1729968073 for Outside:2.2.2.2/636 to identity:|OUTSIDE-1.1.1.1/34417 duration 0:01:02 bytes 62 Connection timeout
6|Apr 30 2017|11:31:23|302013|OUTSIDE-1.1.1.1|34417|2.2.2.2|636|Built outbound TCP connection 1729968073 for Outside:2.2.2.2/636 (2.2.2.2/636) to identity:|OUTSIDE-1.1.1.1/34417 (OUTSIDE-newIP-18/34417)

from inside ip , for example 10.10.10.10 /24 I can reach the 2.2.2.2 :636

Thanks

Akhil.Balachandran · ‎05-08-2017

Hi,

From the logs it looks like the syslog server did not respond and the connection timed out.

Is this traffic going through a VPN tunnel.

Please apply the below capture on the outside interface,

capture capout interface OUTSIDE-1.1.1.1 match tcp host 1.1.1.1 host 2.2.2.2

show capture capout.

Regards

Akhil

elite2010 · ‎05-08-2017

Hi,

Thanks for the reply

How do I clear once i captured the traffic

Thanks again

Akhil.Balachandran · ‎05-08-2017

Hi,

The command is

clear capture capout

Regards

Akhil

elite2010 · ‎05-08-2017

Hi

pcap screenshot attached ,Its not going the vpn tunnel

Thanks