RE: Management Traffic for ASA5505

From: Ryan West <rwest_at_zyedge.com>
Date: Wed, 18 Nov 2009 22:15:30 -0500

Keegan,

Can you explain a little more about the topology? I capture syslog traffic
remotely using both the inside or outside address, depending on which is being
more temperamental or if there is already some RFC1918 overlap issues and I
don't feel like doing yet another policy NAT. Are you intending on sending
all the traffic through a tunnel to a hub site that offers all these services?
I will have to check on the snmp-trapping tomorrow. The ASA is lacking in a
lot of area, like not supporting VRF's for examples. Worst case, you can
still tunnel all the management traffic that you need to another location
using the outside address. Or I could have read wrong into everything you
said :)

-ryan

From: Keegan.Holley_at_sungard.com [mailto:Keegan.Holley_at_sungard.com]
Sent: Wednesday, November 18, 2009 7:38 PM
To: Ryan West
Cc: ccielab_at_groupstudy.com
Subject: Re: Management Traffic for ASA5505

What do you mean by an interesting traffic ace? Also, does this cover snmp
traps? The problem is with traffic generated by the firewall such as syslog
and snmp-trap, ntp and tacacs requests.

From:

Ryan West <rwest_at_zyedge.com>

To:

"Keegan.Holley_at_sungard.com" <Keegan.Holley_at_sungard.com>

Cc:

"ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>

Date:

11/18/2009 06:52 PM

Subject:

Re: Management Traffic for ASA5505

________________________________

Management-access inside, then you can use the inside ip address for
your polling target. You can also set your logging host inside and
use an interesting traffic ace as your target. If you need more
detailed examples, let me know.

Sent from handheld.

On Nov 18, 2009, at 6:46 PM,
"Keegan.Holley_at_sungard.com<mailto:Keegan.Holley_at_sungard.com>"
<Keegan.Holley_at_sungard.com
<mailto:Keegan.Holley_at_sungard.com%20%0b>> wrote:

> I have been trying to configure an ASA5505 to source syslog and snmp
> traffic from an interface other than the outside. Does anyone know
> how to
> do this?
>
>
> Blogs and organic groups at http://www.ccie.net<http://www.ccie.net/>
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Nov 18 2009 - 22:15:30 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART