CSMARS Source IP address

Unanswered Question

I have a CSMARS box with the following rules set to send me an e-mail if they are triggered.

System Rule: Password Attack: Remote VPN Access - Attempt

System Rule: Password Attack: Remote VPN Access - Success Likely

System Rule: Password Attack: System - Attempt

My ASA authenticates against my ACS server. If I test any of the rules from our inside network address space, CSMARS gives me the correct source IP addresses. However, if I run the same test from our outside IP address block, my source address is displayed as 0.0.0.0. If I look at the "Failed Attempts" logs on the ACS server, the correct source address is displayed. I'm wondering what I'm missing in order to have CSMARS display the correct source address.
