Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CS-MARS with ASA failover pair and IPS

Hi.

Has anyone implemented CS-MARS with ASA in active/standby, each with IPS modules?

What is the procedure for adding the devices to CS-MARS - do I define each box separately -(remember the active and standby both have the same name) or do I just define one ASA using the failover address?

Any reccommendations would be welcome,

regards

Mick.

5 REPLIES
New Member

Re: CS-MARS with ASA failover pair and IPS

I?ve asked this question before but never really received a response. So what I'm about to say is based only on my experience.

I added only the active firewall, and then added each IPS blade as a module to the active firewall.

The only drawback is that MARS does not seem to acknowledge failover capabilities. I say this because only one IPS blade (obviously)generates alerts, so the second blade will cause MARS generate an Inactive CS-MARS reporting device event.

New Member

Re: CS-MARS with ASA failover pair and IPS

Thanks for the reply.

That is exactly the way I set it up - Active ASA with both modules defined in the active device.

About the second module not generating alarms - I wouldn't expect it to whilst it was in standby mode as it wouldn't be passing traffic.

When the ASA fails over - the second module should then start to generate alerts.

New Member

Re: CS-MARS with ASA failover pair and IPS

Hi Andrew - thanks for replying.

I actually added the ASA using the active addresses and added both of the IPS devices as modules of the ASA rather than as separate devices.

This seems to work fine - can you see any problem doing it this way?

Thanks and regards

Mick.

Re: CS-MARS with ASA failover pair and IPS

Hi Mick,

That should work fine - as far as I can tell MARS doesn't care whether the IPS modules are internal or external. I tried it both ways and couldn't see any difference in functionality.

HTH

Andrew.

139
Views
10
Helpful
5
Replies