Sorry but i have question concerning "false positive" tuning. At the customer site we defined an user rule in order to monitor a dedicated switch; this works fine and the cs-mars produces incidents. Now for a demonstration (or better said for an acceptance test) i wanted to show how false positive handling works. I clicked on the false positive link (of such an incident) an got a new window where i had to check the message/event. Below this message i found further fields where i had to enter the IP address/mask and further Interfaces. I tried to enter the IP Adresse of the reporting switch or the cs-mars appliance. In both cases i only got a message, that this ip address is already registered. Huh? What went here wrong or better said do i understand something wrong?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...