[PIX 501, 6.3] Syslog, VPN

Hi,

I have a problem to establish a VPN connection and I'd like to log what's happening (IKE phase1 & IPSec phase2) with a syslog server. My syslog server is receiving logs, but I can't find how to enable logging of any VPN connection informations. Could you please help me ?

Thanks, Akut.

Reply to
Akut
Loading thread data ...

logging trap debug deb cry isa debug cry ipsec

deb cry ? ! for help.

sh deb

Reply to
Bod43

Thank you for your answer. I entered it but still I can't see anything about the vpn in the syslog :-/ I think something's wrong with the conf :

... pager lines 24 logging on logging monitor errors logging trap debugging logging host inside 192.168.122.253 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable access-group inside in interface inside aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec ...

Thx again, Akut

Reply to
Akut

pix11(config)# sh log

Syslog logging: enabled Facility: 20 Timestamp logging: disabled Standby logging: disabled Console logging: disabled Monitor logging: level errors, 0 messages logged Buffer logging: disabled Trap logging: level debugging, 174 messages logged Logging to inside 192.168.122.253 History logging: disabled Device ID: disabled

?
Reply to
Akut

Ah! Now you tell us it's a Pix:-)

Google groups did not have that in the original subject.

I know little of the Pix.

I have no idea what the crypto debugging commands might be.

If you turn on buffer logging you will then get the messages written to the local buffer and will be able to see them with "sh logg". On a router the default buffer size is only 4k and you need to increase it to be useful say with "logging buffered 50000". On Pix???

Sorry, someone with a clue will be along shortly.

Reply to
Bod43

formatting link
M

Reply to
mak

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.