I have a CSMARS box with the following rules set to send me an e-mail if they are triggered.
System Rule: Password Attack: Remote VPN Access - Attempt
System Rule: Password Attack: Remote VPN Access - Success Likely
System Rule: Password Attack: System - Attempt
My ASA authenticates against my ACS server. If I test any of the rules from our inside network address space CSMARS gives me the correct source IP addresses. However, if I run the same test from our outside IP address block my source address is displayed as 0.0.0.0. If I look at the " Failed Attempts" logs on the ACS server the correct source address is displayed. I'm wondering what I'm missing in order to have CSMARS display the correct source address.