05-22-2008 12:53 PM
Hi,
i propose a solution for customer with ASA5520 and Cat450x-E. Do MARS & CSM fully support those devices? When we want to use NetFlow info from Cat4500 to MARS, do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?
Solved! Go to Solution.
05-28-2008 08:11 AM
CSM doesn't act as a Security Monitoring device!!! The CSM doesn't have this functionality, instead of it CS-MARS has.
Netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618
08-04-2008 11:07 PM
do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?
----------------------------
Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.
MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).
Hope that helps.
05-28-2008 08:11 AM
CSM doesn't act as a Security Monitoring device!!! The CSM doesn't have this functionality, instead of it CS-MARS has.
Netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618
08-04-2008 11:07 PM
do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?
----------------------------
Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.
MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).
Hope that helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: