Firewall Wizards mailing list archives

PIX VPN Logging question


From: Robert Driscoll <rjdriscoll () comcast net>
Date: Thu, 20 Mar 2008 21:39:16 -0700

Hello,

I am doing some firewall cleanup for a small company that is using PIXes 
running IPSEC tunnels to connect their branches together.

The PIXes are configured as firewalls and also site to site VPN 
concentrators (fully meshed).

I am working to get the Internet (outbound) logging to a syslog server, 
at the same time I am trying to not log the site to site traffic. This 
would be similar to a WAN setup that was running Frame-Relay/ATM or 
Point-to-Point lines where traffic is not logged.
I have set the logging level to informational to get the access-list 
logging, and I have disabled some of the chattier logging messages.
In order to stop the cryptomap access-lists from logging I have tried 
appending log disable and log 4 (warning) at the end of the access-list.

This has not stopped logging of the site to site traffic.

So my question is this; am I missing something from stopping the site to 
site traffic


Here is some of the config information:

Syslog logging: enabled
   Facility: 20
   Timestamp logging: enabled
   Standby logging: enabled
   Console logging: level informational, 24091266 messages logged
   Monitor logging: disabled
   Buffer logging: disabled
   Trap logging: level informational, 24091265 messages logged
       Logging to inside 10.1.0.10
   History logging: level informational, 6464624 messages logged
   Device ID: disabled

logging on
logging timestamp
logging standby
logging console informational
logging trap informational
logging history informational
logging host inside 10.1.0.10
no logging message 305012
no logging message 305011
no logging message 302014
no logging message 302016

access-list outside_cryptomap_10 permit ip 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 log 4

Any ideas would be greatly appreciated. Thanks!

