In this scenario we have a Cisco ASA that is
connected to a remote branch over an IPsec tunnel, and we want to send all syslog
messages to a remote syslog server at the branch through that IPsec tunnel.
Network diagram:
For this we have to use the management interface setting
(and no, I don't mean the dedicated physical Management interface), which can be found
under Device Management -> Management Access -> Management Interface:
This feature tells the ASA which interface
to use for management purposes such as SNMP, syslog, ICMP replies and more.
Normally, when you ping an ASA interface you
get an answer only if you are on the network behind the interface you pinged
(and, of course, only if ICMP is allowed under Device Management -> Management Access ->
ICMP).
So back to the remote syslog configuration. First
configure the interface you want the ASA to use to send syslog
messages; here I select the INTERNAL interface (as in the image above).
Then configure the syslog server as follows:
Note that I choose interface INTERNAL rather than
EXTERNAL.
In the CLI you may see the following message:
ASA-1(config)# logging host INTERNAL 10.2.0.100
WARNING: configured logging host interface conflicts with route table entry
Just ignore it; this is a cosmetic issue tracked as bug CSCur60060.
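The same configuration from the CLI, as an added example that is not the author's own configuration: it assumes the site-to-site tunnel to the branch already exists, uses the interface name INTERNAL and the syslog server 10.2.0.100 from the post, and takes the INTERNAL interface address (10.1.0.1), the branch subnet (10.2.0.0/24) and the crypto ACL name (VPN-TO-BRANCH) as assumed values.

```cisco
! Added example, not the post's configuration. Assumed values: INTERNAL interface
! address 10.1.0.1, branch LAN 10.2.0.0/24, crypto ACL name VPN-TO-BRANCH.

! 1. Nominate INTERNAL as the management-access interface
!    (ASDM: Device Management -> Management Access -> Management Interface).
management-access INTERNAL

! 2. Allow ICMP to the INTERNAL interface from the branch LAN so the ASA's own
!    address answers pings across the tunnel
!    (ASDM: Device Management -> Management Access -> ICMP).
icmp permit 10.2.0.0 255.255.255.0 INTERNAL

! 3. Send syslog out of INTERNAL so messages are sourced from that interface's
!    address. The "conflicts with route table entry" warning (CSCur60060) is
!    expected here and can be ignored.
logging enable
logging timestamp
logging trap informational
logging host INTERNAL 10.2.0.100

! 4. (Assumption) The tunnel's crypto ACL must also match traffic from the ASA's
!    own INTERNAL address; otherwise the ASA-originated syslog bypasses the tunnel.
access-list VPN-TO-BRANCH extended permit ip host 10.1.0.1 10.2.0.0 255.255.255.0

! Verification:
!   show logging          - lists host 10.2.0.100 on interface INTERNAL
!   show crypto ipsec sa  - the "#pkts encaps" counter grows as syslog is sent
```

If the encaps counter on the tunnel does not increase while syslog is being generated, the most common cause is step 4: the crypto ACL covers the LAN behind the ASA but not the ASA's own interface address.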
Enabling the management interface also allows
remote-access VPN clients to connect to the ASA over the tunnel using ASDM or SSH.