CSMARS Source IP address

jrojas
Level 1

I have a CSMARS box with the following rules set to send me an e-mail if they are triggered.

System Rule: Password Attack: Remote VPN Access - Attempt

System Rule: Password Attack: Remote VPN Access - Success Likely

System Rule: Password Attack: System - Attempt

My ASA authenticates against my ACS server. If I test any of the rules from our inside network address space, CSMARS gives me the correct source IP addresses. However, if I run the same test from our outside IP address block, my source address is displayed as 0.0.0.0. If I look at the "Failed Attempts" logs on the ACS server, the correct source address is displayed. I'm wondering what I'm missing in order to have CSMARS display the correct source address.

2 Replies

mhellman
Level 7

When you look at the ACS logs for failed attempts, both the internal and external failures are in the same file and identically formatted?

Hi,

Yes they are. That's why this seems a bit odd.
