MARS through IPSec VPN

Unanswered Question
Jun 17th, 2008
User Badges:

If I setup an ASA 5500 at a remote site to do Site-to-site IPSec VPN, can I have the remote ASA report to the local MARS through the tunnel? If so, what address would I use as the reporting address in MARS for the 5500 appliance?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Farrukh Haroon Tue, 06/17/2008 - 12:32
User Badges:
  • Red, 2250 points or more

Yes why not.


Basically you can use a 'tunnel' mode VPN and setup a site-2-site VPN tunnel between the two ASAs and add the MARS server on the remote ASA as a logging host.


Once the traffic reaches the local ASA it can then route it to the MARS on your local LAN. I think the IP address of the remote ASA should be same as its' WAN interface pointing towards the Local ASA. If you want the MARS to telnet/ssh to the firewall, you need to setup a tunnel mode VPN or just use SSH to login to the device securely over the WAN/Internet (Without any VPN).


Caution: Syslogs can be very bandwidth intensive, make sure your VPN connection can sustain that.


Regards


Farrukh

PATRICK KLINE Fri, 06/20/2008 - 12:40
User Badges:

My question has to do with the Topology Graph. I have many site-to-site tunnels and the Graph doesn't seem to display the connectivity between sites. It displays them as separate networks with an Internet Cloud. Is this possible or a limitation since it is trying to traverse the Internet and an ISPs network. I was hoping that Mars would be a part of Interesting traffic and show at least a line through the clouds to the respective peers.


Thanks,

-Patrick..

Actions

This Discussion