
Wednesday, November 25, 2015

Cisco ASA syslog through IPsec tunnel

In this scenario we have a Cisco ASA that is connected to a remote branch over an IPsec tunnel, and we want to send all syslog messages to a remote syslog server at the branch through that tunnel.
Network diagram:


For this we have to use the management-access interface setting (not the dedicated management interface), which can be found under Device Management -> Management Access -> Management Interface (in the CLI: management-access <interface_name>):



This setting tells the ASA which interface may be reached, and used as the source, for management traffic that crosses a VPN tunnel, such as SNMP, syslog, ICMP echo replies, SSH and ASDM, even though the tunnel itself terminates on a different interface.

By default, a ping to an ASA interface address is answered only when the ping arrives on that same interface (and only if ICMP to the ASA is permitted under Device Management -> Management Access -> ICMP). With the management-access interface set, that interface also answers pings that arrive through the VPN tunnel.

So back to the remote syslog configuration. First select the interface you want the ASA to use for sending syslog messages; here I select the INTERNAL interface (as in the image above).

Then configure the syslog server as follows:


Note that I chose the INTERNAL interface rather than EXTERNAL. The syslog packets are then sourced from the INTERNAL interface address, so they match the tunnel's interesting-traffic ACL and are encrypted into the IPsec tunnel; sourced from EXTERNAL they would not match it and would leave the ASA in the clear.

In the CLI you may see the following warning:

ASA-1(config)# logging host INTERNAL 10.2.0.100
WARNING:  configured logging host interface conflicts with route table entry

It can be ignored; it is a cosmetic issue tracked as Cisco bug CSCur60060. The warning appears because the route to 10.2.0.100 points out the EXTERNAL interface (where the tunnel terminates) while the logging host is bound to INTERNAL; the messages are still sent through the tunnel.

Setting the management-access interface also allows remote-access VPN clients to connect to the ASA through the tunnel using ASDM or SSH on that interface.
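The complete CLI equivalent of the steps above, as an added example that is not from the original post. The interface names INTERNAL and EXTERNAL and the syslog server 10.2.0.100 come from the post; the interface addresses (10.1.0.1/24 on INTERNAL, 203.0.113.2/24 on EXTERNAL), the branch subnet 10.2.0.0/24 and the crypto ACL name L2L_BRANCH are assumptions made for this example, and the rest of the site-to-site tunnel configuration (peer, IKE policy, transform set, crypto map) is assumed to already exist as in the post's scenario.

```cisco
! Interface names are taken from the post; the addresses are assumed for this example
interface GigabitEthernet0/0
 nameif EXTERNAL
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif INTERNAL
 security-level 100
 ip address 10.1.0.1 255.255.255.0
!
! Interesting traffic for the existing site-to-site tunnel (assumed ACL name).
! The ASA's own INTERNAL address 10.1.0.1 lies inside 10.1.0.0/24, so syslog
! sourced from INTERNAL to 10.2.0.100 is encrypted into the tunnel.
! The branch peer's crypto ACL must mirror this entry.
access-list L2L_BRANCH extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! Management-access interface: lets INTERNAL be reached, and used as a source,
! for management traffic that crosses the VPN tunnel
management-access INTERNAL
!
! Permit ICMP echo to the INTERNAL address from the branch network
icmp permit 10.2.0.0 255.255.255.0 echo INTERNAL
!
! Syslog to the branch collector, sourced from INTERNAL (UDP/514 by default).
! This is the line that produces the cosmetic route-table warning.
logging enable
logging timestamp
logging trap informational
logging host INTERNAL 10.2.0.100
!
! ASDM (HTTPS) and SSH from the branch across the tunnel, terminating on INTERNAL
http server enable
http 10.2.0.0 255.255.255.0 INTERNAL
ssh 10.2.0.0 255.255.255.0 INTERNAL
```

To verify, show logging lists the configured host and the count of messages sent, and show crypto ipsec sa should show the encaps counter rising for the 10.1.0.0/24 to 10.2.0.0/24 pair as messages are logged. On the collector, a capture such as tcpdump -ni eth0 udp port 514 and src host 10.1.0.1 should show the messages arriving from the INTERNAL address rather than from the EXTERNAL one.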
