Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
10
Helpful
5
Replies

CS-MARS with ASA failover pair and IPS

m.reay
Level 1
Level 1

‎06-24-2007 12:18 AM - edited ‎02-21-2020 01:34 AM

Hi.

Has anyone implemented CS-MARS with ASA in active/standby, each with IPS modules?

What is the procedure for adding the devices to CS-MARS - do I define each box separately -(remember the active and standby both have the same name) or do I just define one ASA using the failover address?

Any reccommendations would be welcome,

regards

Mick.

0 Helpful
5 Replies 5

joemarr_brodart
Level 1
Level 1

‎06-24-2007 10:45 AM

I?ve asked this question before but never really received a response. So what I'm about to say is based only on my experience.

I added only the active firewall, and then added each IPS blade as a module to the active firewall.

The only drawback is that MARS does not seem to acknowledge failover capabilities. I say this because only one IPS blade (obviously)generates alerts, so the second blade will cause MARS generate an Inactive CS-MARS reporting device event.

0 Helpful

m.reay
Level 1
Level 1
In response to joemarr_brodart

‎06-24-2007 11:44 PM

Thanks for the reply.

That is exactly the way I set it up - Active ASA with both modules defined in the active device.

About the second module not generating alarms - I wouldn't expect it to whilst it was in standby mode as it wouldn't be passing traffic.

When the ASA fails over - the second module should then start to generate alerts.

0 Helpful

m.reay
Level 1
Level 1
In response to andrew.burns

‎06-25-2007 12:03 PM

Hi Andrew - thanks for replying.

I actually added the ASA using the active addresses and added both of the IPS devices as modules of the ASA rather than as separate devices.

This seems to work fine - can you see any problem doing it this way?

Thanks and regards

Mick.

0 Helpful

andrew.burns
Level 7
Level 7
In response to m.reay

‎06-25-2007 11:33 PM

Hi Mick,

That should work fine - as far as I can tell MARS doesn't care whether the IPS modules are internal or external. I tried it both ways and couldn't see any difference in functionality.

HTH

Andrew.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card