Solved

ASA-4-313005

Posted on 2013-02-06
Last Modified: 2013-02-11
Hello,
I'm trying to send syslog messages from a Cisco 2960 switch to a syslog server, but there's a firewall that sits between the switch and the syslog server. I can ping from hosts connected to the switch to the log server, but I can't ping from the switch itself to the log server; I get error message 313005, and the ASA is dropping the ICMP because there's no session established for this connection. What should I do on the firewall to allow syslog messages to be sent to the syslog server?
Question by:omar07
25 Comments
 
Expert Comment

by:jmanishbabu
Configuring a Cisco PIX Firewall for Syslog

Author Comment

by:omar07
The ASA is already configured to send syslog messages to the syslog server.
 

Expert Comment

by:fgasimzade
Are your PC and the switch in the same subnet?
 

Author Comment

by:omar07
The switch is in a different subnet from the syslog server.
 

Expert Comment

by:fgasimzade
No, no, you say you can ping the syslog server from the PC but cannot ping it from the switch. The PC and the switch, are they in the same subnet?
 

Author Comment

by:omar07
Yes, the PC and the switch are in the same subnet. I can ping from the PC, but not from the switch.
 

Expert Comment

by:fgasimzade
Do you have any other IPs configured on the switch?

The reason I am asking is that Cisco switches can have multiple interface VLANs configured, and when you ping from the switch, you need to specify a source IP address.
 

Author Comment

by:omar07
Only one VLAN and one IP are configured on the switch.
 

Expert Comment

by:ArneLovius
I presume that the switch is "outside" and the syslog server is "inside".

Are the "inside" and "outside" interfaces on the ASA both on private addresses?

Does the switch have a management interface on the same subnet as the hosts that are connected to it?

What is the default gateway of the switch?

Is the ASA in "bridge" mode, routed mode, or routed mode with NAT?
 

Author Comment

by:omar07
Hello,
The switch is on the inside network and the syslog server is on the users network.
The outside interface has a public IP address.
The management interface is disabled, and the syslog server is on the users network.
The default gateway is pointing to the inside interface of the ASA (inside).
The ASA is in routed mode.
 

Expert Comment

by:pergr
The switch needs to have a default gateway configured, pointing to the ASA.
 

Expert Comment

by:Istvan Kalmar
Please show the configs.
 

Author Comment

by:omar07
The switch has a default gateway pointing to the inside interface of the ASA, not to the users interface where the syslog server resides.
 

Author Comment

by:omar07
Please find the attached diagram.
logserver-001.jpg
 

Expert Comment

by:Istvan Kalmar
Hi,

Do you have an ACL between inside and users that enables syslog?
 

Author Comment

by:omar07
I can ping from inside to the syslog server and I can ping from the syslog server to the inside, but not to the switch, because I added a route on each PC to the inside network.
 

Expert Comment

by:fgasimzade
What is your default gateway on the PCs? Why did you have to manually add routes?

Try adding a route on the switch as well.
 

Author Comment

by:omar07
I'm sorry, I can ping from the switch to the log server, but I'm not getting any logs.
 

Expert Comment

by:pergr
You need a rule on the ASA that will allow syslog messages.

Just because ping (ICMP) is allowed, it does not mean syslog is allowed.
 

Author Comment

by:omar07
The switch is on the inside network (security level 100) and the syslog server is on the users interface (security level 99). Do I still need a rule for the switch to send syslog messages to the syslog server?
 

Accepted Solution

by:ArneLovius (earned 500 total points)
If you only have the default rule, you don't; if you have added any rules, then you might.
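The configuration the thread converges on, written out as an added example (this is not config posted by anyone in the thread; the addresses, the interface names "inside" and "users", VLAN 1 as the switch SVI, and the ASA port names are assumptions). It covers fgasimzade's point about specifying a source when pinging from the switch, and pergr's and the accepted answer's point that an ACL bound to the inside interface replaces the implicit level-100-to-99 permit with an implicit deny, so an ACL that only permits ICMP gives exactly "ping works, no logs". The weak ACL is shown beside the permit that fixes it, with a packet-tracer check.

```cisco
! --- Catalyst 2960 (IOS), on the inside network ---
! Assumed addressing (not from the thread): switch SVI 10.1.1.10/24,
! ASA inside 10.1.1.1, syslog server 10.2.2.50 on the ASA "users" interface.
interface Vlan1
 ip address 10.1.1.10 255.255.255.0
 no shutdown
!
ip default-gateway 10.1.1.1
!
logging host 10.2.2.50
logging trap informational
! Pin the source address so syslog always leaves from the SVI the ASA rule
! below names, even if more SVIs are added later.
logging source-interface Vlan1
!
! Reachability test from the switch itself. Specifying the source matters on a
! switch with several SVIs, which may otherwise pick a different one:
!   ping 10.2.2.50 source Vlan1
!
! --- ASA (routed mode) ---
! With no access-group bound to "inside", traffic from security level 100 to
! 99 is allowed by the default higher-to-lower rule, so syslog needs no ACL.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif users
 security-level 99
 ip address 10.2.2.1 255.255.255.0
!
! WEAK: the moment an ACL is bound to "inside", the implicit permit is gone and
! the ACL ends in an implicit deny-all. This one lets ICMP through (ping
! succeeds) but silently drops UDP/514 (no logs arrive).
access-list INSIDE_IN extended permit icmp any any
access-group INSIDE_IN in interface inside
!
! FIXED: add an explicit, narrow permit for syslog (one source, one
! destination, one port) before the implicit deny.
access-list INSIDE_IN extended permit udp host 10.1.1.10 host 10.2.2.50 eq 514
!
! Verify on the ASA without waiting for the switch to emit a log line:
!   packet-tracer input inside udp 10.1.1.10 514 10.2.2.50 514
! The final phase reads "Action: allow" once the permit exists; before that
! it is a drop in the ACCESS-LIST phase, and the ASA logs it as %ASA-4-106023.
!   show logging | include 106023
```

The packet-tracer line is the practitioner's check here: it answers the accepted answer's "you might" for the actual ACL in place, instead of guessing from the security levels. Keep the syslog permit host-specific; a "permit udp any any eq 514" would let any inside host spray UDP at the users network.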
