tunnel snmp through vpn concentrator

- J
- jspr
  
  Contact options for registered users
posted
19 years ago

Thu, Feb 10, 2005 2:37 PM

I can't seem to find any documentation on how to monitor a pix through the pix to vpn concentrator tunnel. I want to send the snmp traffic from the remote pix through the tunnel through the concentrator to a local syslog server. I found a document that tells how to send snmp through a pix to pix tunnel and on the local pix you create an access list in your access list you use with the vpn that allows the ip of host syslog to host outside interface of remote pix. I am just not sure how to do this on a vpn concetrator 3000 series. I have all the correct routes and devices behind the remote pix can ping the local syslog servers ip. Thanks

- R
- RobO
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Thu, Feb 10, 2005 2:47 PM

Hi,

This might be a wild stab in the dark and/or a long shot but what if you configure logging with a source interface ie: "logging source-interface [internal_int]" and "snmp-server trap-source [internal_int]"

Do you actually receive any syslog messages at all?

Rob

- J
- jspr
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Thu, Feb 10, 2005 2:56 PM

I tried logging like this syslog =192.168.200.50 remote pix: I tried both logging host inside 192.168.200.50 and logging host outside 192.168.200.50 I also tried adding the access-list part of the tunnel access-list in the remote pix like it says to do in the pix-to-pix snmp tunnel doc access-list vpn permit ip host 192.168.200.50 host outside interface None of this worked I even tried pointing the logging host to the inside interface of the concentrator to see if the concentrator would pass the syslog msgs with its own and got nothing thanks