Solved

can't get syslog from PIX515e

Posted on 2009-02-11
Last Modified: 2012-08-13
I have been having problems seeing my network using remote-site VPN (still an open question). I was advised to check the syslog of my PIX515e to see if a misconfiguration of an ACL is causing this. I have followed the configuration steps for syslog from Cisco.com, and I have installed Syslog Watcher Pro on my local machine. So far I can't receive any information from my PIX. My network is set up to have a DMZ behind the firewall; could that be it?
I use ASDM for most of my configurations.
Below are my PIX configurations:
PIX Version 7.2(2)
!
hostname Khalifa-Sec-Boys-FW
domain-name khalifasb.edu.qa
enable password * encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 89.211.46.242 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.3.16.253 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd * encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name khalifasb.edu.qa
access-list inside extended permit ip any any
access-list inside extended permit icmp any any
access-list OUTSIDE extended permit tcp any host 89.211.46.244 eq smtp
access-list OUTSIDE extended permit tcp any host 89.211.46.244 eq https
access-list OUTSIDE extended permit tcp any host 89.211.46.243 eq www
access-list users_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.3.19.192 255.255.255.192
access-list UsersVPN standard permit 10.3.17.0 255.255.255.0
access-list UsersVPN standard permit 10.3.18.0 255.255.255.0
access-list UsersVPN standard permit 10.17.16.0 255.255.255.0
access-list UsersVPN standard permit 10.17.17.0 255.255.255.0
access-list UsersVPN standard permit 10.17.18.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 512
logging buffered debugging
logging asdm debugging
logging from-address pixsyslog@khalifa-s-b.edu.qa
logging recipient-address nader_subaih@khalifa-s-b.edu.qa level notifications
logging host inside 10.3.18.80 6/1470
mtu outside 1500
mtu inside 1500
ip local pool VPN-Pool 10.3.19.200-10.3.19.253 mask 255.255.254.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.3.16.0 255.255.255.0
nat (inside) 1 10.17.16.0 255.255.255.0
nat (inside) 1 10.17.17.0 255.255.255.0
nat (inside) 1 10.3.18.0 255.255.254.0
nat (inside) 1 10.17.18.0 255.255.254.0
static (inside,outside) tcp 89.211.46.244 https 10.3.16.11 https netmask 255.255.255.255
static (inside,outside) tcp 89.211.46.244 smtp 10.3.16.11 smtp netmask 255.255.255.255
static (inside,outside) tcp 89.211.46.243 www 10.3.16.14 www netmask 255.255.255.255
access-group OUTSIDE in interface outside
route outside 0.0.0.0 0.0.0.0 89.211.46.241 1
route inside 10.3.17.0 255.255.255.0 10.3.16.254 1
route inside 10.3.18.0 255.255.255.0 10.3.16.254 1
route inside 192.168.1.0 255.255.255.0 10.3.16.254 1
route inside 10.17.17.0 255.255.255.0 10.3.16.254 1
route inside 10.17.18.0 255.255.254.0 10.3.16.254 1
route inside 10.17.16.0 255.255.255.0 10.3.16.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy users internal
group-policy users attributes
 dns-server value 10.3.16.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value users_splitTunnelAcl
 default-domain value khalifasb.edu.qa
username nader password CEdJXQTRpBUkygd5 encrypted privilege 0
username nader attributes
 vpn-group-policy users
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.3.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group users type ipsec-ra
tunnel-group users general-attributes
 address-pool VPN-Pool
 default-group-policy users
tunnel-group users ipsec-attributes
 pre-shared-key *
telnet 10.3.16.0 255.255.255.0 inside
telnet 10.3.18.0 255.255.254.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect http
  inspect icmp
  inspect netbios
  inspect ftp
  inspect tftp
  inspect skinny
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect sunrpc
  inspect sip
  inspect xdmcp
policy-map global_poliocy
!
service-policy global_policy global
smtp-server 10.3.16.11
prompt hostname context
Cryptochecksum:*
: end
Question by:nader911t
3 Comments
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 672 total points
ID: 23620287
Hello nader911t,
      Most probably, a software firewall like Windows Firewall is blocking syslog port UDP 514. Yet you don't need a syslog server since ASDM has one built-in.

Regards
0
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 672 total points
ID: 23620558
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 672 total points
ID: 23621310
Add this:

logging trap informational

Also, verify the syslog server is listening on 1470
0
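
An added example, not part of any answer above and not Cisco tooling: a small Python check that reads the logging lines of the posted configuration and reports the two points the answers raise, the missing "logging trap" level and the transport in "logging host inside 10.3.18.80 6/1470" (protocol 6 is TCP, so the server has to listen on TCP 1470 rather than the UDP 514 default). The function name audit_syslog and the sample string are constructed for illustration.

```python
import re

# Constructed sample: the logging lines copied from the configuration in the question.
SAMPLE_CONFIG = """\
logging enable
logging timestamp
logging asdm-buffer-size 512
logging buffered debugging
logging asdm debugging
logging host inside 10.3.18.80 6/1470
"""

# The running config shows the transport as an IP protocol number (6 = TCP, 17 = UDP).
PROTO = {"6": "tcp", "17": "udp", "tcp": "tcp", "udp": "udp"}
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: (\w+)/(\d+))?")

def audit_syslog(config):
    """Return (hosts, findings) for the syslog-related lines of a PIX/ASA config."""
    enabled, trap, hosts = False, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "logging enable":
            enabled = True
        elif line.startswith("logging trap "):
            trap = line.split()[2]
        else:
            m = HOST_RE.match(line)
            if m:
                iface, ip, proto, port = m.groups()
                # No protocol/port on the line means the default, UDP 514.
                hosts.append({"interface": iface, "ip": ip,
                              "proto": PROTO.get(proto, proto) if proto else "udp",
                              "port": int(port) if port else 514})
    findings = []
    if not enabled:
        findings.append("logging is not enabled")
    if not hosts:
        findings.append("no 'logging host' configured")
    if hosts and trap is None:
        findings.append("no 'logging trap <level>': nothing is sent to syslog hosts")
    for h in hosts:
        if (h["proto"], h["port"]) != ("udp", 514):
            findings.append("%s expects a %s listener on port %d, not UDP 514"
                            % (h["ip"], h["proto"].upper(), h["port"]))
    return hosts, findings

if __name__ == "__main__":
    for finding in audit_syslog(SAMPLE_CONFIG)[1]:
        print(finding)
```
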
