Cisco Support Community
New Member

ASA5520 support in MARS and Security Manager

Hi,

I propose a solution for a customer with ASA5520 and Cat450x-E. Do MARS & CSM fully support those devices? When we want to use NetFlow info from Cat4500 to MARS, do we need a NetFlow card, or is the service implemented by default in Cat4500? Are MARS & CSM a suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

Accepted Solutions
Bronze

Re: ASA5520 support in MARS and Security Manager

CSM doesn't act as a security monitoring device! CSM doesn't have this functionality; CS-MARS has it instead.

NetFlow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618

New Member

Re: ASA5520 support in MARS and Security Manager

Do we need a NetFlow card, or is the service implemented by default in Cat4500? Are MARS & CSM a suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

----------------------------

Yes, you need the WS-F4531= card (NetFlow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.

MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).

Hope that helps.
