New Member

CS-MARS unable to compute mitigation path for external IPs

Hi

I have a MARS and IDSM setup running and have been monitoring two internal VLANs with the IDSM. I get some notices in the IDSM and MARS for attempts flowing through our open firewall rules, nothing serious, and I can get a path and mitigation suggestion for every attempt.

A few days ago I added our external unprotected VLAN to the IDSM and, not surprisingly, get a lot more incidents in the IDSM and MARS. The problem is that none of these events can be graphed in MARS; it doesn't matter what type of events I get or if the events are aimed at valid NATed IPs or available IPs.

The only addition I've done to the MARS after adding the external VLAN to the IDSM is to add our external subnet to the list of networks monitored by the IDSM.

Do I have to change something else? My impression was that MARS should download NAT setups from our firewalls and use that to plot the network paths.

Regards

Fredrik Hofgren

4 REPLIES
New Member

Re: CS-MARS unable to compute mitigation path for external IPs

I believe that MARS does a topology discovery through the "Topology/Monitored Device Update Scheduler". We used to run a MARS-based topology scanner before we started using Qualys. See what results you can get from a manual run?

Also, what version and model of MARS are you currently running?

New Member

Re: CS-MARS unable to compute mitigation path for external IPs

I'm running 4.3.1 and have run several overnight topology updates without effect. What I've done now is to remove the IDSM monitoring on our external VLAN, and MARS can now graph the route of the packets again.

I'll leave it as it is for a while, but if anyone has a solution I'd appreciate it.

Regards

Fredrik

New Member

Re: CS-MARS unable to compute mitigation path for external IPs

Hello,

In the IDSM configuration (is this also functioning with contexts?), did you specify which networks are protected? With the NAT addresses or real addresses?

jF

New Member

Re: CS-MARS unable to compute mitigation path for external IPs

I'm not running the IDSM in context mode. In MARS I specified our two internal subnets and our external subnet as monitored by the IDSM.

I can add that I just tried to monitor the external VLAN but not specify it in MARS but I still get the same problem when graphing external events.

//Fredrik
