CSMARS Source IP address

Unanswered Question

I have a CSMARS box with the following rules set to send me an e-mail if they are triggered.


System Rule: Password Attack: Remote VPN Access - Attempt


System Rule: Password Attack: Remote VPN Access - Success Likely


System Rule: Password Attack: System - Attempt


My ASA authenticates against my ACS server. If I test any of the rules from our inside network address space CSMARS gives me the correct source IP addresses. However, if I run the same test from our outside IP address block my source address is displayed as 0.0.0.0. If I look at the " Failed Attempts" logs on the ACS server the correct source address is displayed. I'm wondering what I'm missing in order to have CSMARS display the correct source address.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhellman Tue, 03/04/2008 - 08:06
User Badges:
  • Blue, 1500 points or more

When you look at the acs logs for failed attempts, both the internal and external failures are in the same file and identically formatted?

Actions

This Discussion