CSMARS Source IP address

Unanswered Question

I have a CSMARS box with the following rules set to send me an e-mail if they are triggered.

System Rule: Password Attack: Remote VPN Access - Attempt

System Rule: Password Attack: Remote VPN Access - Success Likely

System Rule: Password Attack: System - Attempt

My ASA authenticates against my ACS server. If I test any of the rules from our inside network address space CSMARS gives me the correct source IP addresses. However, if I run the same test from our outside IP address block my source address is displayed as If I look at the " Failed Attempts" logs on the ACS server the correct source address is displayed. I'm wondering what I'm missing in order to have CSMARS display the correct source address.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mhellman Tue, 03/04/2008 - 08:06
User Badges:
  • Blue, 1500 points or more

When you look at the acs logs for failed attempts, both the internal and external failures are in the same file and identically formatted?


This Discussion