How do I use Cisco MARS to monitor two ASA (active/stby) with IPS modules?

Unanswered Question
May 29th, 2006


Hi

The two ASAs with IPS modules are in active/standby mode. When I try to add both IPs (active/standby) into MARS, MARS complains about duplicated hostnames.


How do I set up MARS to monitor ASAs with IPS in an active/standby topology?


Thanks!




a.kiprawih Mon, 05/29/2006 - 04:31

Hi,


In Active/Standby mode, the ASA logically exists as a single firewall. Traffic only flows via the active unit.


I think you need to add only the Active IP Address, not both. So when you add 2xIPs, CS-MARS still sees them as a single device. That's why CS-MARS complained about the duplicate/existence of a similar device.


This is also true if you have a router or switches (like C6509) with multiple interfaces, and you want to add/register all interfaces using their individual interface IPs; CS-MARS will also produce a similar complaint.


Logically, when the active unit becomes unavailable, the standby unit resumes the firewalling tasks using the same Active IP Address as well as MAC Address. Other devices/hosts will not be aware of this, including CS-MARS.


Rgds,

AK
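
The setup the reply describes, as an added configuration sketch that is not part of the original thread: a constructed ASA failover fragment showing the single active address that the two units answer on in turn, which is the one address the reply suggests registering in CS-MARS. The hostname, interface names and all addresses (192.0.2.x, 10.255.255.x) are assumed placeholder values.

```cisco
! Constructed example; hostname, interfaces and addresses are placeholders.
hostname asa-fw
!
! The first address belongs to whichever unit is currently active;
! the "standby" address belongs to the unit in the standby role.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! Dedicated failover link between the two units.
failover lan unit primary
failover lan interface folink GigabitEthernet0/3
failover interface ip folink 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover
!
! Syslog to the monitoring station (192.0.2.50 stands in for CS-MARS).
! The unit that is active sends from 192.0.2.1, so the reporting
! address stays the same before and after a failover.
logging enable
logging trap informational
logging host inside 192.0.2.50
```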



