MARS topology issue with vpn concentrator

Unanswered Question
Feb 20th, 2007

I have a problem with MARS not being able to determine that Remote VPN clients are located behind a VPN 3005 concentrator. MARS shows them behind another device that is in a DMZ. I have seen internal hosts show up behind the same DMZ device from time to time as well. It looks like anytime MARS can't determine the location of a device it puts it behind this one DMZ device.

My main issue is with the VPN remote clients.

Has anyone else seen this issue?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
carenas123 Tue, 02/27/2007 - 09:41

An incident is a chain of events that are correlated by a rule to signal an attack upon your network. MARS simplifies and expedites the detection, mitigation, reporting, and analysis of the incident. The Network Summary dashboard and the Incident pages help to detect recent incidents and show the rules and the events that compose them. Mitigation refers to the ability of the MARS to isolate the attacking and compromised network devices by identifying and configuring enforcing devices that act as choke points in the network. Queries and reports reveal the scope of a problem and gather data for analysis and regulatory compliance. All this information can be captured in a case report with Case Management and escalated to the relevant personnel

MARK BAKER Tue, 02/27/2007 - 13:40

I appreciate the reply, but I'm not sure what this has to do with my issue.

I understand what MARS is. My issue is that MARS is displaying VPN remote users, that have alerted in MARS, in the wrong location on the topology map.


This Discussion