Hello,

I am doing some firewall cleanup for a small company that is using PIXes
running IPSEC tunnels to connect their branches together.

The PIXes are configured as firewalls and also site to site VPN
concentrators (fully meshed).

I am working to get the Internet (outbound) logging to a syslog server,
at the same time I am trying to not log the site to site traffic. This
would be similar to a WAN setup that was running Frame-Relay/ATM or
Point-to-Point lines where traffic is not logged.
I have set the logging level to informational to get the access-list
logging, and I have disabled some of the chattier logging messages.
In order to stop the cryptomap access-lists from logging I have tried
appending log disable and log 4 (warning) at the end of the access-list.

This has not stopped logging of the site to site traffic.

So my question is this: am I missing something that would stop the site to
site traffic from being logged?


Here is some of the config information.

Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: enabled
Console logging: level informational, 24091266 messages logged
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, 24091265 messages logged
Logging to inside 10.1.0.10
History logging: level informational, 6464624 messages logged
Device ID: disabled

logging on
logging timestamp
logging standby
logging console informational
logging trap informational
logging history informational
logging host inside 10.1.0.10
no logging message 305012
no logging message 305011
no logging message 302014
no logging message 302016

access-list outside_cryptomap_10 permit ip 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 log 4

Any ideas would be greatly appreciated. Thanks!


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
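One receiver-side way to drop the site to site entries while the ACL `log` option is still emitting them, as an added example that is not part of the original post: filter on the syslog server by subnet pair. The branch subnets (10.1.0.0/24 and 10.1.1.0/24) come from the post; the PIX 106100 message layout is assumed from Cisco's documented format, and the sample lines are constructed, not captured from the poster's firewalls.

```python
import ipaddress
import re

# Branch (mesh) subnets from the post: traffic between any two of these is site-to-site.
MESH_NETS = [ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.1.1.0/24")]

# Parser for PIX message 106100 (access-list hit), following the documented layout:
#   access-list <id> permitted|denied <proto> <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt ...
# Assumption: this layout matches the software in use; anything else is passed through untouched.
ACL_RE = re.compile(
    r"%PIX-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<sif>\S+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>\S+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def in_mesh(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MESH_NETS)

def is_site_to_site(line: str) -> bool:
    """True only for a 106100 entry whose source AND destination are both branch subnets."""
    m = ACL_RE.search(line)
    if m is None:
        return False  # not an ACL hit message: never suppress it
    return in_mesh(m["src"]) and in_mesh(m["dst"])

def filter_syslog(lines):
    """Drop site-to-site ACL hits; keep Internet-bound and inbound entries plus everything else."""
    return [ln for ln in lines if not is_site_to_site(ln)]

# Constructed sample messages (not captured from the poster's firewalls).
SAMPLE = [
    "Jan 10 12:00:01 10.1.0.1 %PIX-6-106100: access-list inside_access_in permitted tcp inside/10.1.0.20(1234) -> outside/10.1.1.5(445) hit-cnt 1 first hit [0x0, 0x0]",
    "Jan 10 12:00:02 10.1.0.1 %PIX-6-106100: access-list inside_access_in permitted tcp inside/10.1.0.20(1235) -> outside/198.51.100.7(80) hit-cnt 1 first hit [0x0, 0x0]",
    "Jan 10 12:00:03 10.1.0.1 %PIX-6-106100: access-list outside_access_in denied udp outside/203.0.113.9(5000) -> inside/10.1.0.10(514) hit-cnt 3 300-second interval [0x0, 0x0]",
    "Jan 10 12:00:04 10.1.0.1 %PIX-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.0.20/1235 (10.1.0.20/1235)",
]

if __name__ == "__main__":
    for ln in filter_syslog(SAMPLE):
        print(ln)
```

This only trims what gets stored: the PIX still generates and sends the site to site messages, so it does not reduce the syslog traffic itself.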