SMpolicy table lookup from MARS

Unanswered Question
Mar 2nd, 2010
User Badges:

Hi!! Thanks in advance for your help.

I'm working in the integration of the subject. I'm working with SM ver. 3.3.1; MARS6.0.4; FWSM 4.0(2); IDM-2 ver 7.0(2). I have followed the document "Security Manager Policy Table Lookup from a MARS Event" at http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/monidiag.html#wp837959.

I am having the following problems (by the moment... i am starting my tests):

1- events are sent from IDSM-2 to MARS, but when i click in the icon of the SM, i get the following error message:"An error occurred while querying policies from Cisco Security Manager. There may be a temporary connectivity problem with Cisco Security Manager device.  Retry the operation after 1-2 minutes. " I never can get to SM from MARS. There is connectivity ( the events in IDSM-2 are shown in MARS)


2- In FWSM i have configured a rule to test (an ACE with the log keyword). I can see the event in the ASDM, but not in MARS. If i navigate in SM, ->select device (FWSM context)->access rules->select the rule->(right click on rule)show events->real time->matching this rule     The MARS window open and i can see the rule in MARS. But there are no ocurrences.

The logging configuration in FWSM context is as follows:

The ACE is : access-list inside extended deny tcp host 10.228.228.53 host 10.228.228.11 eq telnet log emergencies

ssh 10.228.228.67 255.255.255.255 inside     To allow acces from MARS.

FWSM#sh runn | in logging
logging enable
logging timestamp
logging buffer-size 8092
logging console debugging
logging monitor warnings
logging buffered errors
logging trap debugging
logging asdm informational
logging device-id ipaddress inside
logging host insidet 10.228.228.67  (IP mars address)
logging debug-trace
logging class ip trap informational
logging message 111111 level informational


I hope somebody can provide me with a hint to solve this.


Regards.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion