Issue
When the transport mechnism TCP is configured for Syslog (trap logging) and the Cisco ASA is unable to reach the designated syslog server, the security appliance will prevent any further new network sessions.
Solution
In order to ensure that the status of a TCP-based syslog server is irrelevant to new sessions the following command is used within the global configuration mode,
(config)# logging permit-hostdown
Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.
Latest posts by Rick Donato (see all)
- NETCONF & YANG: Automate Network Configs via Python - April 2, 2026
- Palo Alto – How to Configure Your Next-Generation Firewall - April 2, 2026
- How to Harden Linux SSH: Keys, Fail2ban & Ciphers - March 1, 2026
Want to become an IT Security expert ?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
Delta Practice Tests