
MARS through IPSec VPN

dougnotini
Level 1

If I set up an ASA 5500 at a remote site to do site-to-site IPSec VPN, can I have the remote ASA report to the local MARS through the tunnel? If so, what address would I use as the reporting address in MARS for the 5500 appliance?

2 Replies

Farrukh Haroon
VIP Alumni

Yes, why not.

Basically you can use a 'tunnel' mode VPN and set up a site-2-site VPN tunnel between the two ASAs and add the MARS server on the remote ASA as a logging host.

Once the traffic reaches the local ASA it can then route it to the MARS on your local LAN. I think the IP address of the remote ASA should be the same as its WAN interface pointing towards the local ASA. If you want the MARS to telnet/ssh to the firewall, you need to set up a tunnel mode VPN or just use SSH to log in to the device securely over the WAN/Internet (without any VPN).

Caution: Syslogs can be very bandwidth intensive; make sure your VPN connection can sustain that.

Regards

Farrukh

My question has to do with the Topology Graph. I have many site-to-site tunnels and the Graph doesn't seem to display the connectivity between sites. It displays them as separate networks with an Internet Cloud. Is this possible, or a limitation since it is trying to traverse the Internet and an ISP's network? I was hoping that MARS would be a part of interesting traffic and show at least a line through the clouds to the respective peers.

Thanks,

-Patrick..
