If I set up an ASA 5500 at a remote site to do site-to-site IPsec VPN, can I have the remote ASA report to the local MARS through the tunnel? If so, what address would I use as the reporting address in MARS for the 5500 appliance?
Basically you can use a 'tunnel' mode VPN and set up a site-to-site VPN tunnel between the two ASAs and add the MARS server on the remote ASA as a logging host.
Once the traffic reaches the local ASA, it can then route it to the MARS on your local LAN. I think the IP address of the remote ASA should be the same as its WAN interface pointing towards the local ASA. If you want the MARS to telnet/SSH to the firewall, you need to set up a tunnel mode VPN or just use SSH to log in to the device securely over the WAN/Internet (without any VPN).
Caution: syslogs can be very bandwidth intensive; make sure your VPN connection can sustain that.
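The setup the answer describes, written out as an added example (not part of the original thread and not from any Cisco document). ASA 8.2-style syntax is assumed; the addresses 10.1.1.0/24 (HQ LAN), 10.1.1.50 (MARS), 10.2.2.0/24 (branch LAN) and 203.0.113.2 (branch outside interface), plus the ACL names, are made up for illustration, and the IKE policy, transform set and crypto map binding the two peers are assumed to be in place already on both ASAs. Only the lines that carry the syslog through the tunnel are shown.

```text
! ---- Branch ASA (remote site) ----
! Syslog is ASA-originated traffic; it leaves via the interface named in
! "logging host" and is sourced from that interface's address. Naming the
! outside interface here means MARS sees the branch ASA's WAN address
! (203.0.113.2, assumed) as the reporting device, and the packets are
! evaluated against the crypto map before leaving.
logging enable
logging timestamp
logging trap informational
logging device-id ipaddress outside
logging host outside 10.1.1.50

! Crypto ACL: the LAN-to-LAN traffic plus the ASA's own WAN address to the
! MARS host, so the syslog stream is treated as interesting traffic and
! encrypted rather than sent in the clear to the Internet.
access-list BRANCH_TO_HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list BRANCH_TO_HQ extended permit ip host 203.0.113.2 host 10.1.1.50

! ---- HQ ASA (local site with MARS on the inside LAN) ----
! Mirror image of the branch crypto ACL; the MARS host must appear here
! as the destination of the branch WAN address or the proxy identities
! will not match and the syslog packets are dropped at tunnel setup.
access-list HQ_TO_BRANCH extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list HQ_TO_BRANCH extended permit ip host 10.1.1.50 host 203.0.113.2
```

With this in place the address to enter in MARS for the branch ASA is the one the syslog packets carry, the branch outside interface (203.0.113.2 in the assumed addressing). If the syslog were instead sent via the inside interface, MARS would see the branch inside address and the crypto ACLs would need to list that address instead; whichever interface is used, the same host pair must appear on both sides of the tunnel.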
My question has to do with the Topology Graph. I have many site-to-site tunnels, and the Graph doesn't seem to display the connectivity between sites. It displays them as separate networks with an Internet cloud. Is this possible, or is it a limitation since it is trying to traverse the Internet and an ISP's network? I was hoping that MARS would be a part of interesting traffic and show at least a line through the clouds to the respective peers.