ASA Active/Standby to CS-MARS

jeff_groesbeck
Level 1

Hello everyone.

I know this topic has been discussed previously:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddb520d/4#selected_message

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddee936

but, I have an additional question/concern regarding this setup. I also currently have the ASA pairs configured where only the active is configured with both IPS added. This is fine. The problem I have is a potential to miss syslog information regarding failover in the case of the standby ASA thinking it needs to become active and the Active not knowing about it. This has happened due to a topology problem and it would have been helpful to have logs from the Standby ASA archived. I know I can't add it through a discover because of the name discrepancy, but I can add it as a device so that it receives logs from the ASA. An additional problem with this is that, since I can't discover it, it can't recognize the names, etc... being sent through syslog (objects, etc). Has anyone successfully added an ASA in this situation? If not, I think this would be a helpful feature.

Thank you,

Jeff Groesbeck

5 Replies

Farrukh Haroon
VIP Alumni

AFAIR ASA 8.x introduced different hostnames for both failover units, did you try that?

Regards

Farrukh

Hello.

I wasn't aware of this. I tried searching for this and was unsuccessful. Do you have a link I could look at for this?

Thank you,

Jeff

I'm sorry, I think I did not remember this correctly. I just went through the 8.x release notes and 8.0 Cisco TAC CTU training slides and could not locate such a feature. Maybe I was dreaming :)

Regards

Farrukh

That's OK. That would be a nice feature though. :)

Thanks,

Jeff

ben.gordon
Level 1

I would say that you can just have the failover ASA send syslog to MARS, then sort through the "unknown reporting device" logs looking for the IP of that ASA. Or you can set up a syslog daemon on another computer and have it record the syslogs there.
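Both the original question (logs from a standby that decides to go active while the primary still thinks it is active) and the workaround in this reply (collect the standby's syslog somewhere and pick it out by sender IP, since both units report under the same hostname) come down to the same processing step. The script below is an added example, not code from this thread, from Cisco or from CS-MARS: it takes syslog lines as a collector would record them, each tagged with the IP it arrived from, separates the two units by that IP, keeps the failover-related messages, and flags the case where more than one sender has announced itself ACTIVE. The sample lines, IPs and hostname are constructed for the example; the message IDs (104001, 104002, 105003, 105004, 105005, 302013, 302014) are standard ASA syslog IDs.

```python
import re

# The ASA message body is "%ASA-<severity>-<id>: <text>". Lines from a collector may
# carry a syslog priority, a timestamp and the (shared) hostname in front, so the
# pattern anchors only on that marker.
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")

# Failover-related message IDs from the ASA syslog reference.
FAILOVER_IDS = {
    "104001": "switching to ACTIVE",
    "104002": "switching to STANDBY",
    "105003": "monitoring on interface waiting",
    "105004": "monitoring on interface normal",
    "105005": "lost failover communications with mate",
}

# Constructed sample: (sender IP, raw line) as a syslog daemon might store them.
# 192.0.2.1 is the primary unit, 192.0.2.2 the secondary; both log as "fw-pair".
SAMPLE = [
    ("192.0.2.1", "<161>Mar 02 2009 08:55:00 fw-pair : %ASA-1-104001: (Primary) Switching to ACTIVE - no Active mate detected"),
    ("192.0.2.1", "<161>Mar 02 2009 09:00:01 fw-pair : %ASA-1-105003: (Primary) Monitoring on interface inside waiting"),
    ("192.0.2.1", "<166>Mar 02 2009 09:00:02 fw-pair : %ASA-6-302013: Built inbound TCP connection 12 for outside:198.51.100.5/4321 (198.51.100.5/4321) to inside:10.0.0.5/80 (10.0.0.5/80)"),
    ("192.0.2.2", "<161>Mar 02 2009 09:00:05 fw-pair : %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface inside"),
    ("192.0.2.2", "<161>Mar 02 2009 09:00:20 fw-pair : %ASA-1-104001: (Secondary) Switching to ACTIVE - HELLO not heard from mate."),
    ("192.0.2.1", "<166>Mar 02 2009 09:00:21 fw-pair : %ASA-6-302014: Teardown TCP connection 12 for outside:198.51.100.5/4321 to inside:10.0.0.5/80 duration 0:00:19 bytes 1480 TCP FINs"),
]


def parse_line(sender_ip, raw):
    """Return a record for one syslog line, or None if it is not an ASA message."""
    m = ASA_MSG.search(raw)
    if not m:
        return None
    return {
        "ip": sender_ip,
        "sev": int(m.group("sev")),
        "msgid": m.group("msgid"),
        "text": m.group("text").strip(),
    }


def lines_from_sender(lines, ip):
    """The 'sort through unknown reporting device logs by IP' step from the reply."""
    return [raw for sender, raw in lines if sender == ip]


def failover_events(lines):
    """Parse (sender_ip, raw) pairs and keep only failover-related messages."""
    out = []
    for ip, raw in lines:
        rec = parse_line(ip, raw)
        if rec and rec["msgid"] in FAILOVER_IDS:
            out.append(rec)
    return out


def role_by_sender(events):
    """Last announced role per sending IP. The hostname is identical on both
    units, so the sender IP is the only thing that tells them apart."""
    roles = {}
    for rec in events:
        if rec["msgid"] == "104001":
            roles[rec["ip"]] = "ACTIVE"
        elif rec["msgid"] == "104002":
            roles[rec["ip"]] = "STANDBY"
    return roles


def dual_active(events):
    """Senders whose last role announcement was ACTIVE. More than one entry is
    the condition described in the question: the standby took over without
    the active unit ever switching to STANDBY."""
    roles = role_by_sender(events)
    return sorted(ip for ip, role in roles.items() if role == "ACTIVE")


if __name__ == "__main__":
    events = failover_events(SAMPLE)
    for rec in events:
        print(f'{rec["ip"]} {rec["msgid"]} ({FAILOVER_IDS[rec["msgid"]]}): {rec["text"]}')
    both = dual_active(events)
    if len(both) > 1:
        print("WARNING: more than one unit claims ACTIVE:", ", ".join(both))
```

Run against a real collector file, the only change needed is building the (sender IP, line) pairs from however that daemon records the source address; the role tracking deliberately ignores ordinary traffic messages such as 302013/302014 so that a busy unit does not drown the handful of failover lines.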
