• Status: Solved
  • Priority: Medium
  • Security: Public

ASA-4-313005

Hello,
I'm trying to send syslog messages from a Cisco 2960 switch to a syslog server, but there is a firewall sitting between the switch and the syslog server. I can ping from hosts connected to the switch to the log server, but I can't ping from the switch itself to the log server; I get error message 313005, and the ASA is dropping the ICMP because there is no session established for this connection. What should I do on the firewall to allow syslog messages to be sent to the syslog server?
0
Asked: omar07
1 Solution
 
jmanishbabuCommented:
Configuring a Cisco PIX Firewall for Syslog
0
 
 
omar07Author Commented:
The ASA is already configured to send syslog messages to the syslog server.
0
 
fgasimzadeCommented:
Are your PC and the switch in the same subnet?
0
 
omar07Author Commented:
The switch is in a different subnet from the syslog server.
0
 
fgasimzadeCommented:
No, no, you say you can ping the syslog server from the PC but cannot ping it from the switch. The PC and the switch, are they in the same subnet?
0
 
omar07Author Commented:
Yes, the PC and the switch are in the same subnet. I can ping from the PC, but not from the switch.
0
 
fgasimzadeCommented:
Do you have any other IPs configured on the switch?

The reason I am asking is that Cisco switches can have multiple VLAN interfaces configured, and when you ping from the switch, you need to specify a source IP address.
0
 
omar07Author Commented:
Only one VLAN and one IP address are configured on the switch.
0
 
ArneLoviusCommented:
I presume that the switch is "outside" and the syslog server is "inside".

Are the "inside" and "outside" interfaces on the ASA both on private addresses?

Does the switch have a management interface on the same subnet as the hosts that are connected to it?

What is the default gateway of the switch?

Is the ASA in "bridge" mode? Routed mode? Or routed mode with NAT?
0
 
omar07Author Commented:
Hello,
The switch is on the inside network and the syslog server is on the users network.
The outside interface has a public IP address.
The management interface is disabled, and the syslog server is on the users network.
The default gateway is pointing to the inside interface of the ASA (inside).
The ASA is in routed mode.
0
 
pergrCommented:
The switch needs to have a default gateway configured, pointing to the ASA.
0
 
Istvan KalmarCommented:
Please show the configs.
0
 
omar07Author Commented:
The switch has a default gateway pointing to the inside interface of the ASA, not to the users interface where the syslog server resides.
0
 
omar07Author Commented:
Please find the attached diagram:
logserver-001.jpg
0
 
Istvan KalmarCommented:
Hi,

Do you have an ACL between inside and users that enables syslog?
0
 
omar07Author Commented:
I can ping from inside to the syslog server, and I can ping from the syslog server to the inside network, but not to the switch, because I added a route on each PC to the inside network.
0
 
fgasimzadeCommented:
What is the default gateway on the PCs? Why did you have to add routes manually?

Try adding a route on the switch as well.
0
 
omar07Author Commented:
I'm sorry, I can ping from the switch to the log server, but I'm not getting any logs.
0
 
pergrCommented:
You need a rule on the ASA that will allow syslog messages.

Just because ping (ICMP) is allowed does not mean syslog is allowed.
0
 
omar07Author Commented:
The switch is on the inside network (security level 100) and the syslog server is on the users interface (security level 99). Do I still need a rule for the switch to send syslog messages to the syslog server?
0
 
ArneLoviusCommented:
If you only have the default rule, you don't; if you have added any rules, then you might.
0
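Added worked configuration (not posted by anyone in this thread) that puts the last two answers together: the switch has to be told to send syslog at all (the ASA's own logging setting does not do that for the switch), and on the ASA an explicit permit for UDP/514 is only required once an access list is bound to the inside interface, because that access list's implicit deny then replaces the default "higher security level to lower security level is allowed" behaviour. Addresses, interface names and object names are assumed for illustration; the original thread only gives the security levels 100 (inside) and 99 (users).

```cisco
! Added example, not from the thread. Assumed addressing:
!   switch SVI        192.168.10.2/24 on Vlan1, behind ASA "inside" (security-level 100)
!   ASA inside        192.168.10.1
!   syslog server     192.168.20.50 on ASA "users" (security-level 99)

! --- Catalyst 2960 (IOS): make the switch send syslog ---
ip default-gateway 192.168.10.1
! pin the source address so the ASA sees a consistent sender (fgasimzade's point about SVIs)
logging source-interface Vlan1
logging trap informational
logging host 192.168.20.50
! check on the switch: "show logging" lists the host and a rising "message lines logged" count

! --- ASA (routed mode) ---
! With no access-group on "inside", traffic from inside (100) to users (99) is permitted
! by default and nothing below is needed. As soon as any ACL is bound to "inside",
! its implicit deny drops the UDP/514 datagrams unless they are permitted explicitly:
object network SW-2960
 host 192.168.10.2
object network SYSLOG-SRV
 host 192.168.20.50
access-list INSIDE_IN extended permit udp object SW-2960 object SYSLOG-SRV eq 514
! keep whatever other rules the inside ACL already had below the syslog permit, e.g.
access-list INSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

! check on the ASA without generating real traffic (source port is arbitrary):
!   packet-tracer input inside udp 192.168.10.2 49152 192.168.20.50 514
! "Action: allow" means the path is open; on "drop" the output names the phase
! (ACCESS-LIST, NAT, ROUTE-LOOKUP) that discarded the packet.
```

Two caveats worth keeping in mind: a successful ping proves only ICMP and routing, since syslog is UDP/514 and the ASA evaluates it against the ACL separately; and the original %ASA-4-313005 message concerns ICMP error packets with no matching connection, so it says nothing about whether syslog would pass.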
