12-03-2004 08:52 PM - edited 02-20-2020 11:47 PM
Hi there...
I have problem here with logging message, i want to configure my server to receive syslog from the pix, and add this command
logging host inside 192.168.1.2 tcp/1468
when i entered this command, i can't browse the internet,what is the problem actually?..here is my config, any help would be appreciated, Thanks
Tonny
access-list 100 permit ip host 192.168.1.9 192.168.100.0 255.255.255.0
access-list outside_access_in deny icmp any any
access-list outside_access_in deny tcp any any
access-list outside_access_in deny udp any any
pager lines 24
logging on
logging monitor debugging
logging buffered debugging
logging trap debugging
icmp deny any outside
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x 255.0.0.0
ip address inside 192.168.1.1 255.255.255.0
ip audit name ATTACKPOLICY attack action alarm drop
ip audit name INTRUDERINFO info action alarm drop
ip audit interface outside INTRUDERINFO
ip audit interface outside ATTACKPOLICY
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 192.168.100.1-192.168.100.254
pdm location 192.168.1.9 255.255.255.255 inside
pdm location 192.168.1.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list 100
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server AuthPIX protocol tacacs+
aaa-server AuthPIX (inside) host 192.168.1.2 TacacsKey timeout 10
aaa-server AuthOut protocol tacacs+
url-server (inside) vendor websense host 192.168.1.2 timeout 5 protocol TCP vers
ion 1
aaa authentication ssh console AuthPIX
http server enable
http 192.168.1.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.1.2 c:\cisco
floodguard enable
sysopt connection permit-ipsec
auth-prompt reject You're not authorized
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup **** address-pool vpnpool
vpngroup **** split-tunnel 100
vpngroup **** idle-time 4800
vpngroup **** password ********
telnet 192.168.1.2 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
console timeout 0
username xxx password xxxxxx
privilege 2
username xxx password xxxxxx
privilege 15
privilege show level 10 command access-list
privilege configure level 11 command access-list
privilege clear level 12 command access-list
12-03-2004 10:55 PM
Hi tonny,
There will be problems if you are going to do a syslog , and there is no syslog server on the inside. make sure you enable the syslog on the configured server on the particular port. The NAT translations might not happen if this is wrongly configured.
If you are using TCP as the logging transport protocol, the PIX Firewall stops passing traffic as a security measure if any of the following error conditions occur: the PIX Firewall is unable to reach the syslog server; the syslog server is misconfigured (such as with PFSS, for example); or the disk is full. (UDP-based logging does not prevent the PIX Firewall from passing traffic if the syslog server fails.)
To enable the PIX Firewall to pass traffic again, do the following:
--------------------------------------------------------------------------------
Step 1 Identify and correct the syslog server connectivity, misconfiguration, or disk space error condition.
Step 2 Enter the command logging host inside 10.1.1.1 tcp/1468 to enable the logging again.
Alternately, you can change the logging to default logging on UDP/514 by issuing the command logging host inside 10.1.1.1. UDP-based logging passes traffic even if the syslog server fails.
Its always better to enable the syslog on the switches by doing a SPAN. The command to do that is as follows:
switch(config)#monitor session 1 source interface *** (interface where the PIX inside is connected)
switch(config)#monitor session 1 destination interface *** (interface where the syslog server is connected)
Hope this helps..
Raj
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: