Here is a small task that illustrates how combining a few technologies may result in an interesting solution.
Task:
Configure R1 to send all logging messages to the remote server at the IP address "10.0.0.100". Ensure secure (non-cleartext) and reliable (acknowledged) information delivery.
DO NOT USE:
1) TCP as the transport protocol.
2) IPsec for encryption.
3) Any tunneling technology.
Recent update: do not use BEEP. This seems to be ruled out by "don't use TCP", but it is worth mentioning separately. The solution is supposed to be a "bit" more complicated.
For simplicity, assume the server to be directly connected to the router via Ethernet. Also, assume the server could be configured in any way to match the router’s configuration.
The first person to find the correct solution wins a $100 Amazon.com gift card. Since tomorrow is a big holiday in the US, we will post the solution and announce the winner somewhere around the coming weekend.
Have a nice Thanksgiving!
---
OK, it looks like I'm getting old after all.
The solution was found a few hours after I made the post! The winner is Carl Burkland. Congratulations! He was the first to post a working solution. I'm disclosing the comments right now, so you can see the other people who came up with correct solutions or bright ideas after Carl. Also, see some explanations and comments below.
R1:
logging history debugging
snmp-server engineID remote 10.0.0.100 ABCD12345678
snmp-server group TRAP v3 priv
snmp-server user TRAP TRAP remote 10.0.0.100 v3 auth sha CISCO priv des56 CISCO
snmp-server enable traps syslog
snmp-server host 10.0.0.100 informs version 3 priv TRAP
The idea is to combine the following features:
1) Syslog history buffer logging.
2) SNMP traps/informs generation based on syslog messages.
3) SNMPv3 DES encryption for traps/informs.
4) Reliable delivery thanks to informs mechanism.
Of course, using any reliable transport would be too easy. Antonio Soares (and later Sorin CONSTANTINESCU) came up with the idea of using PPPoE with MPPE and the PPP reliable delivery feature. While this violates the requirement of not using any tunneling technique (in this case L2 inside L2), the idea is really good. The only problem is that I never got "reliable" PPP to work, particularly with PPPoE.
Looks like you still need good old LAPB encapsulation on serial interfaces to enforce reliable delivery. There is another protocol called "RBSCP" which you could use across unreliable/long-haul links to improve TCP performance, but this deserves a separate post.
Other people (e.g. NTllect, Lejoe Thomas; see their comments) correctly suggested using SNMPv3 informs, but some did not provide a complete working configuration. The trick is that in order to get SNMPv3 informs working you need to configure a remote engine ID for the server and associate the SNMPv3 user with this ID. Without that, the router will not send any informs! You can easily verify whether your configuration is working by doing something like this:
access-list 100 permit udp any any eq 162
R1#debug ip packet 100 dump
Generate some syslog messages and see whether packets show up in the capture.
After that, use the command show snmp pending to see the pending informs (if any).
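The debug dump above shows that packets to UDP 162 leave the router, but it does not by itself prove that the syslog text inside them is encrypted. The following Python script is an added example (not code from the original post and not a Cisco tool) that reads the SNMPv3 message header from the raw UDP payload bytes of such a packet, reports the msgFlags bits (auth, priv, reportable) and tells a plaintext ScopedPDU from an encryptedPDU, per the RFC 3412 message format. The two sample messages it checks are constructed inline, not captured from R1; the "ciphertext" in the second one is a stand-in, not real DES output.

```python
"""Check that an SNMPv3 inform on the wire is really encrypted.

Added example, not part of the original post or of any Cisco tooling. It
parses just enough BER (RFC 3412 message format) to read msgFlags and to tell
a plaintext ScopedPDU (SEQUENCE) from an encryptedPDU (OCTET STRING). Feed it
the UDP payload bytes of a packet to port 162, e.g. transcribed from the
"debug ip packet 100 dump" output. The sample messages below are constructed
here, not captured from R1.
"""

AUTH_FLAG, PRIV_FLAG, REPORTABLE_FLAG = 0x01, 0x02, 0x04  # RFC 3412 msgFlags bits


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_value):
    """Split the value of a SEQUENCE into a list of (tag, value) elements."""
    pos, out = 0, []
    while pos < len(seq_value):
        tag, val, pos = _read_tlv(seq_value, pos)
        out.append((tag, val))
    return out


def inspect_snmpv3(msg):
    """Summarise the security properties visible in one SNMPv3 message."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    version, global_data, _sec_params, msg_data = _children(body)
    if version[0] != 0x02 or int.from_bytes(version[1], "big") != 3:
        raise ValueError("not an SNMPv3 message")
    _msg_id, _max_size, (_, flags), _sec_model = _children(global_data[1])
    f = flags[0]
    return {
        "auth": bool(f & AUTH_FLAG),
        "priv": bool(f & PRIV_FLAG),
        "reportable": bool(f & REPORTABLE_FLAG),  # set on informs, clear on traps
        "encrypted_pdu": msg_data[0] == 0x04,      # OCTET STRING = encryptedPDU
    }


# --- constructed samples (not real captures) ---------------------------------

def _tlv(tag, value):
    """Encode one BER TLV with short- or long-form length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _int(v):
    """Encode a non-negative INTEGER (a leading 0x00 is added when the top bit is set)."""
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def build_message(flags, pdu_bytes, encrypted):
    """Assemble an SNMPv3Message; the USM security parameters are left empty."""
    header = _tlv(0x30, _int(1) + _int(65507) + _tlv(0x04, bytes([flags])) + _int(3))
    data = _tlv(0x04, pdu_bytes) if encrypted else pdu_bytes
    return _tlv(0x30, _int(3) + header + _tlv(0x04, b"") + data)


SYSLOG_TEXT = b"%SYS-5-CONFIG_I: Configured from console by console"
# Plaintext ScopedPDU: contextEngineID, contextName and the syslog text standing
# in for the varbind list (constructed; a real PDU carries a full varbind SEQUENCE).
PLAIN_PDU = _tlv(0x30, _tlv(0x04, b"") + _tlv(0x04, b"") + _tlv(0x04, SYSLOG_TEXT))
# Stand-in for DES ciphertext: bytes XORed with a constant, so nothing here is real crypto.
FAKE_CIPHERTEXT = bytes(b ^ 0x5A for b in SYSLOG_TEXT)

NOAUTH_TRAP = build_message(0x00, PLAIN_PDU, encrypted=False)
AUTHPRIV_INFORM = build_message(AUTH_FLAG | PRIV_FLAG | REPORTABLE_FLAG,
                                FAKE_CIPHERTEXT, encrypted=True)


def leaks_syslog_text(msg):
    """True when the syslog text is readable in the on-wire bytes."""
    return SYSLOG_TEXT in msg


if __name__ == "__main__":
    for name, m in (("noAuthNoPriv trap", NOAUTH_TRAP), ("authPriv inform", AUTHPRIV_INFORM)):
        print(name, inspect_snmpv3(m), "leaks syslog text:", leaks_syslog_text(m))
```

For a message produced by the configuration in the post you expect auth, priv and reportable all set, the msgData element to be an OCTET STRING, and no readable syslog text anywhere in the datagram; a trap (reportable clear) or a plaintext ScopedPDU means the host line or the group security level is wrong.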
Overall I've seen a bunch of pretty good answers. Thanks a lot to everyone for participating. Congratulations to the winner once again; our sales team will contact you after the holidays! Oh yeah, and next time I will try to come up with more complicated tasks.
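The remote engine ID requirement mentioned above is not an IOS quirk but a property of the SNMPv3 User-based Security Model: for an inform the receiver is the authoritative engine, and USM localizes the user's password into keys bound to the authoritative engine ID, so the router cannot build an inform the server will accept unless it knows the server's engine ID. The following Python script is an added example (not code from the original post or from Cisco) that carries out the RFC 3414 password-to-key and key-localization steps and shows that a key localized with any other engine ID fails the receiver's comparison. The engine IDs are constructed; the trailing-zero padding of the post's 12-digit engine ID string to 24 hex digits is assumed IOS behaviour, not something the post states.

```python
"""Why an SNMPv3 inform needs the receiver's engine ID (RFC 3414 USM).

Added example, not part of the original post. For a trap the sending router is
the authoritative engine; for an inform the receiver is. USM localizes the
user's password to a key bound to the authoritative engine ID, so the router
can only produce an inform the server accepts if it knows the server's engine
ID (the 'snmp-server engineID remote ...' line in R1's configuration).
Engine IDs below are constructed; the trailing-zero padding IOS applies to a
short engine ID string is assumed here, not taken from the post.
"""
import hashlib

ONE_MEGABYTE = 1048576


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: Ku = H(password repeated to exactly 1,048,576 bytes)."""
    stream = (password * (ONE_MEGABYTE // len(password) + 1))[:ONE_MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: Kul = H(Ku || engineID || Ku).

    The same localization is applied to the auth password and to the priv
    password, so both the HMAC key and the DES key depend on the engine ID.
    """
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Password straight to the engine-bound key (the two steps above combined)."""
    return localize_key(password_to_key(password, algo), engine_id, algo)


# Constructed: the post's "ABCD12345678" padded to 24 hex digits (assumed IOS padding).
SERVER_ENGINE_ID = bytes.fromhex("ABCD12345678000000000000")
# Constructed: some other engine ID, e.g. the router's own local one, which is the
# authoritative engine for traps but not for informs.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000001")


def receiver_accepts(sender_key: bytes, password: bytes, receiver_engine_id: bytes,
                     algo: str = "sha1") -> bool:
    """The receiver derives its own localized key from the shared password and its
    own engine ID; an inform protected with any other key fails the HMAC check and
    is silently dropped, which is exactly what 'no informs arrive' looks like."""
    return sender_key == localized_key(password, receiver_engine_id, algo)


def demo(password: bytes = b"CISCO"):
    """Return (accepted with the server's engine ID, accepted with another one)."""
    good = receiver_accepts(localized_key(password, SERVER_ENGINE_ID), password, SERVER_ENGINE_ID)
    bad = receiver_accepts(localized_key(password, OTHER_ENGINE_ID), password, SERVER_ENGINE_ID)
    return good, bad


if __name__ == "__main__":
    ok, wrong = demo()
    print("key localized with server engine ID accepted:", ok)
    print("key localized with another engine ID accepted:", wrong)
```

The password-to-key step is deliberately slow (one megabyte of hashing per key) and is a one-time cost; the localization step is what makes the key specific to one engine, which is why the same user name and passwords configured on R1 without the matching remote engine ID produce keys the server cannot verify.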
BEEP as a transport with TLS would probably fit the bill, although BEEP operates on top of TCP, so I don’t know if that fits your guidelines
logging trap debugging
logging host 10.0.0.100 transport beep channel 1 tls cipher 128
use snmp informs?
Have R1 send the syslog messages as SNMPv3 (UDP) informs. That way the communication is encrypted and acknowledged.
snmp-server engineID remote 10.0.0.100 8888888888
snmp-server user MYV3USER MYV3GROUP remote 10.0.0.100 v3 auth md5 CCIERS priv des56 password1234
snmp-server host 10.0.0.100 inform version 3 priv MYV3USER syslog
snmp-server enable traps
logging history inform
hello to all
snmp-server enable traps syslog
snmp-server host 10.0.0.100 informs ver 3 priv r1 syslog
logging history debugging
logging history size 4096
R1:
!
username SERVER password 0 CISCO
!
interface FastEthernet0/0
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
dialer pool 1
ppp encrypt mppe 128 required
ppp authentication ms-chap
!
logging trap debugging
logging 10.0.0.100
!
SERVER:
!
username R1 password 0 CISCO
!
bba-group pppoe global
virtual-template 1
!
interface FastEthernet0/0
pppoe enable group global
!
interface Virtual-Template1
ip address 10.0.0.100 255.255.255.0
ppp encrypt mppe 128 passive
ppp authentication ms-chap
!
Rack1R1#sh run | s snmp
snmp-server group CCIE v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server group IEGROUP v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server enable traps syslog
snmp-server host 10.0.0.100 version 3 priv CCIE
Rack1R1#sh run | s logging
logging trap debugging
Run PPPoE with the logging server. Use the following PPP options:
1) ppp encrypt mppe 128 required
2) ppp reliable-link
I think SNMPv3 will accomplish the goals of sending the logging messages
1) using UDP
2) Providing Encryption
3) Message Integrity (acknowledgment)
All commands in global configuration mode
snmp-server engineID local [engine-id string]
snmp-server group logginggroup v3 auth
snmp-server user lejoe logginggroup v3 encrypted auth md5 mypassword
snmp-server host 10.0.0.100 version 3 auth lejoe
#syslog messages are now sent via snmp
snmp-server enable traps syslog
logging history debugging
Of course you'll have to configure the username, authentication type, password and engineID in the SNMP server on 10.0.0.100
I don’t know if this fits into the category “assume the server could be configured in any way to match the router’s configuration”, but here it goes:
snmp-server engineID local 0000000000
snmp-server engineID remote 10.0.0.100 0101010101
snmp-server group SYSLOG-TRAP-GROUP v3 priv
snmp-server user SYSLOG-TRAP-USER SYSLOG-TRAP-GROUP remote 10.0.0.100 v3 auth md5 CISCO priv 3des CISCO
snmp-server host 10.0.0.100 informs version 3 priv SYSLOG-TRAP-USER
snmp-server enable traps syslog
This is a nice one!
Damn, already answered by Tassos after leaving for lunch.
Configure syslog to send messages as traps and configure the snmp server as v3 with encryption and to send informs.
I wasn't as specific, but how cool am I to know the answer based on the question and be the first one! I don't even get a $1 voucher?
Hello again,
Nice Post,
however, shouldn't
snmp-server host 10.0.0.100 traps version 3 priv TRAP
be:
snmp-server host 10.0.0.100 informs version 3 priv TRAP
?
Regards,
Vlad
To: Vladimir Sousa
Correct, my bad
Those should be informs, I fixed the solution. Seems like age is taking its tax on me
To: alan
I must admit, that was the quickest reply with the correct solution idea
However, a good idea by itself does not constitute a solution yet. It may take quite some time for the idea to evolve into a working thing.
Still, as a fan reader of our blog and a person of insight you deserved a prize too. I’ll talk to our sales team and we’ll figure out an “encouraging” gift for you
woohooo, thanks. look forward to it.
“Congratulaitons” should be Congratulations
@ Rack009
lol
This proves the fact that Petr is really getting old
I think the very complete solution would require
Rack1R5(config)#$ TRAP remote ABCD12345678 v3 auth sha CISCO priv des56 CISCO
Translating "ABCD12345678"
%Illegal Hostname or IP/IPv6 address
Rack1R5(config)#ip host ABCD12345678 10.0.0.100