Firewall Wizards mailing list archives
PIX VPN Logging question
From: Robert Driscoll <rjdriscoll () comcast net>
Date: Thu, 20 Mar 2008 21:39:16 -0700
Hello,

I am doing some firewall cleanup for a small company that is using PIXes running IPSEC tunnels to connect their branches together. The PIXes are configured as firewalls and also site to site VPN concentrators (fully meshed). I am working to get the Internet (outbound) logging to a syslog server; at the same time I am trying to not log the site to site traffic. This would be similar to a WAN setup that was running Frame-Relay/ATM or Point-to-Point lines where traffic is not logged.

I have set the logging level to informational to get the access-list logging, and I have disabled some of the chattier logging messages. In order to stop the cryptomap access-lists from logging I have tried appending log disable and log 4 (warning) at the end of the access-list. This has not stopped logging of the site to site traffic.

So my question is this: am I missing something from stopping the site to site traffic?

Here is some of the config information:

Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: enabled
Console logging: level informational, 24091266 messages logged
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, 24091265 messages logged
Logging to inside 10.1.0.10
History logging: level informational, 6464624 messages logged
Device ID: disabled

logging on
logging timestamp
logging standby
logging console informational
logging trap informational
logging history informational
logging host inside 10.1.0.10
no logging message 305012
no logging message 305011
no logging message 302014
no logging message 302016

access-list outside_cryptomap_10 permit ip 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 log 4

Any ideas would be greatly appreciated.

Thanks!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards