OK a little more info.  We have a PIX-PIX VPN set up so encryption only
pertains to connections between the two office locations over a dedicated
connection.  In our location, there is a network outside the PIX before it
goes to the Router to the other location.  The box sitting on the outside of
the PIX but inside the router is the one that needs to have a port opened to
a syslog server on the inside interface of the PIX.

Tried setting a static IP so the syslog server has an IP on the outside
interface subnet.
Opened a conduit for that VIP for syslog.
Added to the ACL of the PIX-PIX VPN when the above 2 didn't work (& it
should because the VPN is only for destined traffic between the 2 sites).

Anything else?  Ports I missed?  I believe it was 514 but the PIX translates
it to syslog when you open that port.


----- Original Message -----
From: "Allen May" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 06, 2001 4:23 PM
Subject: PIX question


> I have a PIX using IPSec for a VPN tunnel between 2 networks.  On the
> outside interface is a box using SYSLOG trying to write to a box on the
> inside interface.  I made an external static IP for the internal box, added
> a conduit to permit udp-syslog...nothing.  Tried adding access-list # permit
> udp host <host-ip> host <statically assigned external ip> eq syslog.
>
> The access list is the one used in the IPSec VPN.  Any ideas why I get
> denied in logging?
>
>
>
