06-17-2008 12:27 PM
If I set up an ASA 5500 at a remote site to do site-to-site IPSec VPN, can I have the remote ASA report to the local MARS through the tunnel? If so, what address would I use as the reporting address in MARS for the 5500 appliance?
06-17-2008 12:32 PM
Yes, why not.
Basically you can use a 'tunnel' mode VPN and set up a site-2-site VPN tunnel between the two ASAs and add the MARS server on the remote ASA as a logging host.
Once the traffic reaches the local ASA it can then route it to the MARS on your local LAN. I think the IP address of the remote ASA should be the same as its WAN interface pointing towards the local ASA. If you want the MARS to telnet/ssh to the firewall, you need to set up a tunnel mode VPN or just use SSH to log in to the device securely over the WAN/Internet (without any VPN).
Caution: Syslogs can be very bandwidth intensive; make sure your VPN connection can sustain that.
Regards
Farrukh
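A configuration sketch of the setup described in the reply above, added here as an example and not taken from the original post. All addresses and the names `L2L-HQ` and `OUTSIDE-MAP` are constructed placeholders, and the rest of the site-to-site crypto map (peer, transform set, tunnel-group) is assumed to exist already.

```cisco
! Remote-site ASA. Constructed values, replace with your own:
!   remote ASA outside (WAN) interface : 198.51.100.2
!   remote LAN                         : 10.20.0.0/24
!   local (HQ) LAN                     : 10.10.0.0/24
!   MARS appliance on the HQ LAN       : 10.10.0.50

! Interesting traffic for the existing LAN-to-LAN tunnel
access-list L2L-HQ extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0

! Syslog generated by the ASA itself leaves with the address of the
! interface named in "logging host" (here: outside), so that source
! must also match the crypto ACL or it is sent outside the tunnel.
access-list L2L-HQ extended permit udp host 198.51.100.2 host 10.10.0.50 eq 514

! Hypothetical crypto map name; only the ACL binding is shown
crypto map OUTSIDE-MAP 10 match address L2L-HQ

! Send syslog to MARS (UDP/514 is the default transport)
logging enable
logging timestamp
logging trap informational
logging host outside 10.10.0.50

! The HQ ASA needs the mirror-image entry in its own crypto ACL:
!   permit udp host 10.10.0.50 host 198.51.100.2 eq 514
```

With this layout the messages arrive at MARS sourced from 198.51.100.2, which is the WAN-interface address the reply suggests using as the reporting address. Choosing `informational` or a lower severity for `logging trap` is the main control over how much syslog volume crosses the tunnel.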
06-20-2008 12:40 PM
My question has to do with the Topology Graph. I have many site-to-site tunnels and the Graph doesn't seem to display the connectivity between sites. It displays them as separate networks with an Internet Cloud. Is this possible, or a limitation since it is trying to traverse the Internet and an ISP's network? I was hoping that MARS would be a part of interesting traffic and show at least a line through the clouds to the respective peers.
Thanks,
-Patrick..