Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

MARS mitigation: can not push to pix

Unanswered Question
Nov 2nd, 2005
User Badges:

I just installed MARS 4.1 to monitor IDS (4.0), PIX (6.3.3) and several internal switches. Everything seems ok but the mitigation. It appears if the mitigation suggestion is a switch, the PUSH botton is activated, but if the PIX is the suggested solution, the PUSH button is not activated.

The PIX is configured with SSH. I verified the passwords and snmp string. Still same problem. Anyone have any ideas?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
mchin345 Tue, 11/08/2005 - 07:55
User Badges:
  • Silver, 250 points or more

sure that all the L2 devices have the SNMP RO community strings specified in the HTML interface for L2 mitigation, even if the access type is not SNMP. (See Mitigation, page 18-6 for more information on mitigating an attack.)

The SNMP RO community string is always required on Layer 2 devices for L2 mitigation. L2 devices must be added manuallythere is no automatic discovery for these device.

CS-MARS does not discover L2 devices automatically as it does with L3 devices.

JOSH GANT Fri, 11/18/2005 - 11:30
User Badges:

PIX would be a L3 device. I am having the same problem. Bump.

s.buskus Fri, 11/18/2005 - 12:42
User Badges:

Too bad Mars does not push to L3 devices. I hear they are plaaning to put it into future releases.

JOSH GANT Fri, 11/18/2005 - 12:55
User Badges:

So even though it offers the shun command it will not push to the PIX? That doesn't sound right - did you talk with TAC on this? TIA.

s.buskus Fri, 11/18/2005 - 14:12
User Badges:

Yes, I had a TAC case. It is also in the documentation. I didn't see the fine print. Mars will only push to L2 not L3.


This Discussion