Cisco ASA – Traffic blocked when TCP syslog server is unreachable

Issue

When the transport mechnism TCP is configured for Syslog (trap logging) and the Cisco ASA is unable to reach the designated syslog server, the security appliance will prevent any further new network sessions.

Solution

In order to ensure that the status of a TCP-based syslog server is irrelevant to new sessions the following command is used within the global configuration mode,

(config)# logging permit-hostdown

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial