06-27-2012 06:30 AM
Hi, I wonder if anyone has a quick solution to my problem here. We have multiple servers on the DMZ (192.168.2.0/24) but they cannot access any resources in the Inside, by default. We would like to open up a Syslog server from the Inside (10.1.1.5) to the DMZ servers, so we can collect system log from the servers. What's the best way to configure this?
Thanks.
06-27-2012 11:34 AM
Hi,
Standard syslog servers use udp/514. Once you configure the syslog IP in your DMZ servers, the connection will be initiated from the DMZ to the Inside syslog server. You need to configure an access list to allow this:
!
access-list DMZ2IN extended permit udp 192.168.2.0 255.255.255.0 host 10.1.1.5 eq 514
!
You may already have an existing ACL for the DMZ servers to access the internet, so apply this in the proper order.
hth
MS
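Putting the reply's ACL entry into context, as an added example that is not part of the original post: a minimal ASA configuration where the syslog permit sits above the entries that deny other DMZ-to-Inside traffic and allow internet access, then binds the ACL to the DMZ interface. The interface names `dmz` and `inside` and the Inside network range 10.0.0.0/8 are assumptions.

```cisco
! Added example, not from the original thread. Interface names "dmz" and
! "inside" and the Inside range 10.0.0.0/8 are assumed.
! ASA access lists are evaluated top-down, first match wins, so the syslog
! permit must come before any entry that denies DMZ-to-Inside traffic.

! 1. Allow only syslog (udp/514) from the DMZ servers to the Inside collector.
access-list DMZ2IN extended permit udp 192.168.2.0 255.255.255.0 host 10.1.1.5 eq 514

! 2. Deny everything else from the DMZ into the Inside network (assumed 10.0.0.0/8),
!    so the following "permit any" for internet access cannot reach Inside hosts.
access-list DMZ2IN extended deny ip 192.168.2.0 255.255.255.0 10.0.0.0 255.0.0.0

! 3. Let the DMZ servers reach the internet.
access-list DMZ2IN extended permit ip 192.168.2.0 255.255.255.0 any

! Apply the ACL inbound on the DMZ interface.
access-group DMZ2IN in interface dmz

! Verify entry order and watch the hit counts climb as the servers send logs.
show access-list DMZ2IN
```

If an older `access-group` already binds a different ACL to the DMZ interface, add the permit line to that ACL (above its deny entries) rather than creating a second list, since only one inbound ACL is active per interface.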
06-27-2012 04:05 PM
Thank you very much for your help. I just realized that there is a license restriction on our 5505 to allow DMZ to Inside access, since it was set up to allow DMZ to outside already.