RE: Management Traffic for ASA5505 from Routt, Rob on 2009-11-19 (Ccielab archives 11/2009)

From: Routt, Rob <Rob.Routt_at_itron.com>
Date: Wed, 18 Nov 2009 19:11:29 -0800

pretty sure that this will help with source of syslog.

logging device-id ipaddress {inside, dmz, outside}

routtasa# sh logg
Syslog logging: enabled
    Facility: 23
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: level warnings, 15197 messages logged
    Buffer logging: level errors, 4364 messages logged
    Trap logging: level warnings, facility 23, 15197 messages logged
        Logging to inside 192.168.15.20 errors: 477 dropped: 483
    History logging: disabled
    Device ID: 'inside' interface IP address "192.168.15.1"

As for traps, I thought when you specified
snmp-server host inside 1.1.1.1 let's say, the trap will have the source of the interface you specify when firing to the destination. Is that what you mean?

TACACS/RADIUS
aaa-server TST protocol Tacacs+
aaa-server TST (inside) host 1.1.1.1 mysecretAAAkey

NTP
ntp server 1.1.1.1 source inside

hth,

Rob Routt
________________________________

From: nobody_at_groupstudy.com on behalf of Keegan.Holley_at_sungard.com
Sent: Wed 11/18/2009 4:38 PM
To: Ryan West
Cc: ccielab_at_groupstudy.com
Subject: Re: Management Traffic for ASA5505

What do you mean by an interesting traffic ace? Also, does this cover
snmp traps? The problem is with traffic generated by the firewall such as
syslog and snmp-trap, ntp and tacacs requests.

From:
Ryan West <rwest_at_zyedge.com>
To:
"Keegan.Holley_at_sungard.com" <Keegan.Holley_at_sungard.com>
Cc:
"ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Date:
11/18/2009 06:52 PM
Subject:
Re: Management Traffic for ASA5505

Management-access inside, then you can use the inside ip address for
your polling target. You can also set your logging host inside and
use an interesting traffic ace as your target. If you need more
detailed examples, let me know.

Sent from handheld.

On Nov 18, 2009, at 6:46 PM, "Keegan.Holley_at_sungard.com"
<Keegan.Holley_at_sungard.com
> wrote:

> I have been trying to configure an ASA5505 to source syslog and snmp
> traffic from an interface other than the outside. Does anyone know
> how to
> do this?
>
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
Received on Wed Nov 18 2009 - 19:11:29 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART