[fw-wiz] PIX VPN Logging question
Hello,

I am doing some firewall cleanup for a small company that is using PIXes
running IPSEC tunnels to connect their branches together.

The PIXes are configured as firewalls and also as site-to-site VPN
concentrators (fully meshed).

I am working to get the Internet (outbound) logging to a syslog server,
and at the same time I am trying not to log the site-to-site traffic. This
would be similar to a WAN setup running Frame-Relay/ATM or
Point-to-Point lines, where traffic is not logged.
I have set the logging level to informational to get the access-list
logging, and I have disabled some of the chattier logging messages.
In order to stop the cryptomap access-lists from logging, I have tried
appending "log disable" and "log 4" (warning) at the end of the access-list.

This has not stopped logging of the site-to-site traffic.

So my question is this: am I missing something for stopping the site-to-site
traffic from being logged?


Here is some of the config information:

Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: enabled
Console logging: level informational, 24091266 messages logged
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, 24091265 messages logged
Logging to inside 10.1.0.10
History logging: level informational, 6464624 messages logged
Device ID: disabled

logging on
logging timestamp
logging standby
logging console informational
logging trap informational
logging history informational
logging host inside 10.1.0.10
no logging message 305012
no logging message 305011
no logging message 302014
no logging message 302016

access-list outside_cryptomap_10 permit ip 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 log 4

Any ideas would be greatly appreciated. Thanks!


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
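Whatever the PIX-side outcome, the split the post is after (keep outbound Internet events, discard tunnel-to-tunnel events) can also be enforced at the syslog collector. The following is an added example, not part of the original post or of any Cisco tooling: it takes the two branch networks from the cryptomap ACL shown above (extend the list for the full mesh), extracts every IPv4 address from each PIX syslog line, and drops a line only when it carries at least two addresses and all of them fall inside branch networks. Lines with no addresses (status messages) are always kept. The sample log lines are constructed to resemble PIX 6.x formats (106100 ACL hit, 302013 connection built, 106023 deny) and are not from the post.

```python
import ipaddress
import re
from collections import Counter
from typing import Iterable, List, Optional, Set, Tuple

# Branch networks taken from the cryptomap ACL in the post (10.1.0.0/24 <-> 10.1.1.0/24).
# In a full mesh every branch network belongs here; traffic whose endpoints all lie
# inside these networks is treated as site-to-site and dropped from the feed.
BRANCH_NETWORKS = [
    ipaddress.ip_network("10.1.0.0/24"),
    ipaddress.ip_network("10.1.1.0/24"),
]

# Dotted quads not glued to other digits/dots (so 0x... hit counters and times don't match).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# The %PIX-<severity>-<message id>: tag that precedes every PIX syslog message body.
MSGID_RE = re.compile(r"%PIX-(\d)-(\d{6}):")

# Constructed sample input modelled on PIX 6.x syslog output (not taken from the post).
SAMPLE_LOG = [
    'Jan 10 2006 12:00:01: %PIX-6-106100: access-list outside_cryptomap_10 permitted tcp '
    'inside/10.1.0.15(1034) -> outside/10.1.1.20(445) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]',
    'Jan 10 2006 12:00:02: %PIX-6-302013: Built outbound TCP connection 12345 for '
    'outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.0.15/1035 (203.0.113.5/1035)',
    'Jan 10 2006 12:00:03: %PIX-6-302013: Built outbound TCP connection 12346 for '
    'outside:10.1.1.20/445 (10.1.1.20/445) to inside:10.1.0.15/1036 (10.1.0.15/1036)',
    'Jan 10 2006 12:00:04: %PIX-6-106100: access-list outside_cryptomap_10 permitted icmp '
    'inside/10.1.0.15(0) -> outside/10.1.1.21(0) hit-cnt 1 first hit [0x0, 0x0]',
    'Jan 10 2006 12:00:05: %PIX-4-106023: Deny tcp src outside:192.0.2.9/4444 '
    'dst inside:10.1.0.15/135 by access-group "outside_access_in"',
]


def parse_msgid(line: str) -> Optional[Tuple[int, str]]:
    """Return (severity, message id) from the %PIX-s-nnnnnn: tag, or None if absent."""
    m = MSGID_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), m.group(2)


def addresses_in(line: str) -> Set[ipaddress.IPv4Address]:
    """All distinct IPv4 addresses mentioned in a line (NAT'd copies collapse to one)."""
    found = set()
    for text in IPV4_RE.findall(line):
        try:
            found.add(ipaddress.ip_address(text))
        except ValueError:  # e.g. 300.1.1.1 matches the regex but is not an address
            continue
    return found


def is_branch(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in BRANCH_NETWORKS)


def is_site_to_site(line: str) -> bool:
    """True when the line names at least two addresses and all of them are branch addresses.

    Anything touching a non-branch address (Internet traffic, scans from outside)
    stays in the feed, as do messages that carry no addresses at all."""
    addrs = addresses_in(line)
    return len(addrs) >= 2 and all(is_branch(a) for a in addrs)


def filter_site_to_site(lines: Iterable[str]) -> Tuple[List[str], Counter]:
    """Return (lines to forward, count of dropped lines per PIX message id)."""
    kept: List[str] = []
    dropped: Counter = Counter()
    for line in lines:
        if is_site_to_site(line):
            tag = parse_msgid(line)
            dropped[tag[1] if tag else "unknown"] += 1
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    kept_lines, dropped_by_id = filter_site_to_site(SAMPLE_LOG)
    for kept_line in kept_lines:
        print(kept_line)
    print("dropped per message id:", dict(dropped_by_id))
```

The dropped-per-message-id counter is worth keeping in the output: a rising 106100 count for the cryptomap ACL confirms the firewall is still emitting the tunnel hits at informational level, which is the symptom the post describes, and the collector-side filter makes the syslog volume usable while that is sorted out on the PIX.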
