Cisco Support Community

MARS topology issue with vpn concentrator

I have a problem with MARS not being able to determine that Remote VPN clients are located behind a VPN 3005 concentrator. MARS shows them behind another device that is in a DMZ. I have seen internal hosts show up behind the same DMZ device from time to time as well. It looks like anytime MARS can't determine the location of a device it puts it behind this one DMZ device.

My main issue is with the VPN remote clients.

Has anyone else seen this issue?


Re: MARS topology issue with vpn concentrator

An incident is a chain of events that are correlated by a rule to signal an attack upon your network. MARS simplifies and expedites the detection, mitigation, reporting, and analysis of the incident. The Network Summary dashboard and the Incident pages help to detect recent incidents and show the rules and the events that compose them. Mitigation refers to the ability of the MARS to isolate the attacking and compromised network devices by identifying and configuring enforcing devices that act as choke points in the network. Queries and reports reveal the scope of a problem and gather data for analysis and regulatory compliance. All this information can be captured in a case report with Case Management and escalated to the relevant personnel


Re: MARS topology issue with vpn concentrator

I appreciate the reply, but I'm not sure what this has to do with my issue.

I understand what MARS is. My issue is that MARS is displaying VPN remote users, that have alerted in MARS, in the wrong location on the topology map.

CreatePlease to create content