MARS and overlapping Networks

Hi. Does someone have a solution to this:
A service provider offers firewalls to his clients. Every asa si monitored by a MARS. If the clients use the same subnets in their Local networks, how can this be solved in MARS.
I mean, in the topology dashboard the firewalls will apear as connected on their inside interfaces, and in the Incident Dashboard i will see that, let's say an atacker with 10.x.x.1 tried something, but i will not know which which client (as they both have 10.x.x.x in their local lans).
Can this be solved somehow?
Thank you,
Costin

Hello Costin
To my knowledge there is no way to achive this. You have to buy separate MARS boxes for this. Cisco is offering some models with relatively less cost (based on EPS) now which you can use as local controllers. Then aggregate them to one Global Controller.
Regards
Farrukh

Similar Messages

  • MARS and MPLS networks

    Hi folks,
    I have an 80+ node network connected via a service provider managed MPLS VPN cloud. Each one of my 'spokes' connects to the provider edge (PE) router via a /30 subnet. All of my customer edge (CE) routers are in MARS, but of course the PE routers are not. When MARS graphs my network it shows 80 'stub' networks with no connectivity between them.
    I've spoken with the TME and I think the feature is planned for a future release, but I had a idea I wanted to bounce off of the folks here:
    What if I created a virtual generic router in MARS, and populated it with 80 interfaces. Each interface would have the corresponding PE router's /30 IP address. I think this would let MARS tie all of the stub networks together.
    Has anyone tried this? Will it only fix the graphing problem, or is there added benefit for MARS when everything is tied together as a cohesive network.
    Any input would be greatly appreciated.

    I think the idea of creating a virtual router and then assigning its interfaces with corresponding IP addresses will work for MARS to tie the networks. It could fix the graphing problem but I dont think anything more it will deliver.

  • ACS Database Replication over VPN with overlapping Network Addresses

    We currently have two co-locations each situated in different provinces. We have two ACS servers which we want to deploy at each co-location. All our network equipments are behind PIX/ASA devices. Getting them to replicate over the VPN should be easy but in our case we have overlapping Network Addresses at both ends of the tunnels.
    As per Cisco data does not transit a NAT device when the two Cisco Secure ACS servers communicate and a successful database replication can occur only if the secondary ACS server perceives no change in the IP header or content of the data it receives. So that means we will not be able to Implement NAT to achiever this.
    Has any one of you faced this problem of replicating ACS Database over the VPN with overlapping Network Addresses and was anyone able to successfully solve this issue using a work around ?
    All provided info and comments are greatly appreciated.

    I can help with the 3005 setup if you decide to go that route.
    You will need to add 2 network list entries under Configuration>Policy Management>Traffic Management>Network Lists.
    You will need to configure a local and remote address. The local will be one of the public ip's for the site.(Provided by your ISP)The remote will be the device you are connecting to on the other end.
    You will also need to add a Nat Lan to Lan rule under Configuration>Policy Management>Traffic Management>Nat>Lan to Lan.
    Use a static Nat type. The rest will look similar to my example.
    Source(Local address)Translated(Public Ip Address used in the network local list)Remote(Ip address of the device on the other end)
    Now just create an Ipsec lan to lan tunnel. You will need to agree with the ISP on des type and auth type. Use you local and remote networks you created earlier.

  • Mars and NAC 4.8

    Hello, i am deploying CS-MARS and i have i problem, i cant add Cisco Network Access Control in the MARS to the controleld devices
    There is just 4.1 versions.
    Is it support 4.8?
    Thanks in advance
    A.Black

    Hello Alexander
    Since MARS is going away in a while, you won't find that many device updates,even the latest release does not support NAC 4.8.x (officially).
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.1/compatibility/local_controller/dtlc6x.html
    However you can always add a NAC  4.8.x box as whatever is supported in the GUI and MARS would work in backwards compatible mode ignoring the  log messages introducted in the newer releases.
    Regards
    Farrukh

  • CS MARS and CSA

    If we have both CS MARS and CSA to monitor network devices, and we have all servers send logs to CSA only and then CSA send logs to CS MARS, is that going to affect the result of vulnerability scanning done by CS MARS on servers as in order for CS MARS to recognise that the incident is system determind false positive. therefore, will adding servers in CSA only not allow CS MARS to directly perform vulnerability scanning on servers or will it do it through CSA?
    Thank you

    Hello Nora
    This would depend on your requirements. As you know MARS has a built-in Nessus Scanner that does 'dynamic vuln scanning' to know more about the OS/services running on hosts; this helps in reducing false positives. Adding the CSA MC to MARS can give similar information and you may optionally exclude the server subnets (with CSA) from the dynamic vuln. scanning range in MARS.
    However there is another aspect to this, lets say you want to monitor all authentication attempts to Apache (and assuming these event types are supported in MARS). This information would come through raw syslogs which could be queried later. If you don't add the Apache server in MARS (as a monitored device), CSA might not send these message to you as it might not have any rules related to these events...I hope you get my point. So in some cases you would need both in others only adding the CSA-MC could suffice.
    Regards
    Farrukh

  • Time Capsule set up and wifi network OK but MacBook doesn't see capsule as airport device.  Do I need to do a hard reset and start again?

    I recently bought a Time Capsule and sucessfully set it up in accordance with the instruction book.  The home network and guest network seem to work fine but my MacBook cannot find the Time Capsule wirelessley.
    Initially I set up the time capsule connected to the MacBook with an ethernet cable.  The Time Machine got 30GB way through a 60GB initial back up and then stopped for no obvious reason.  Since then the capsule has not been visible to the MacBook.  I have tried to reconfigure through Airport Utility but even after reperated rescans the capsule remains invisible.
    Any help would be extremely welcome.

    1. i would restore the express to factory defaut by holding the reset button on the unit with a paperclip while you are powering it on
    2. if it restored, you should be able to see it in your wifi icon at top of screen as "airport express"
    or you can see it in airport utility
    3. then if you want to connect it wirelessly to your time capsule, you would choose "extend network" and put in relevant security and password....this would make the express a wireless access point, fed by your time capsule(main router)
    if you chose to do it wired which is a better way if you have access to ethernet port at wall, you would choose "create a wireless network" and then under the "network" tab you would choose "Bridge Mode".....this would make the express a wired access point, fed by your time capsule(main router)

  • Can no longer connect to my network and 'forget network' option has disappeared??

    Can no longer connect to my network and "forget network" option has disappeared???  (Ipod touch 5th generation). This happened on both my children's ipods. We have reset network settings but it doesn't help.

    JEM24 , your suggestion is included in:
    - iOS: Troubleshooting Wi-Fi networks and connections
    Turn your Wi-Fi router off and on2. If your ISP also provides cable or phone service, check with them before attempting this step to avoid interruption of service.
    JEM24 wrote:
    Sorry Mindi, also have your tried rebooting your router? That's all. Try that before you attempt to Restore. Cheers.

  • I can not dowload the new updated software for my Ipod touch 4G. When i do I get an error message that says Network connection has timed out. I have done the trouble shooting steps. Downloaded the latest version of Itunes, and checked network connection

    I can not dowload the new updated software for my Ipod touch 4G. When i do I get an error message that says Network connection has timed out. I have done the trouble shooting steps. Downloaded the latest version of Itunes, and checked network connection

    Disabling the computer's antivirus and firewall during the download and update usually resolves the timeout error.

  • HT4623 i have issue with my iphone5, the phone is open and good network signal, but when some one calling me they cant reach me, like the phone is off

    i have issue with my iphone5, the phone is open and good network signal, but when some one calling me they cant reach me, like the phone is off

    You are as far as you can be with the original iPad; only iPad 2 and greater will update to 7+

  • Powerbook OSX 10.4 in sleep mode - open and loose network!

    This is getting really annoying - I have a last of the line PB G4 Ti 1ghz with 1GB RAm running OSX 10.4 tiger. Use Belkin PreN router in the house and run G5 D2.3Ghz with Airport card as well. The problem only occurs when you close lid of PB to put to sleep. It also happens in public WiFi zones like hotels etc. Comes up with not connected to internet and when you look for networks it's all blank - doesn't remember a thing! I run Safari, mail and Skype on a regualr basis.
    Any ideas? Cheers

    I am looking for information on losing the airport when I put my g4 to sleep. Did you get any responses or were able to solve the question? I have to restart my computer each time to get the airport icon and my network. This started happening after i updated to 10.4.4
    Thank you

  • Keychain and Closed Network

    My airport network is closed, invisible, and uses WPA Personal security.
    Normally, when I boot up/login, keychain took care of logging me in automatically into the network.
    This past weekend, however, my keychain died. I have had to delete my past keychain entirely, and rebuild it from scratch.
    Now, whenever I log on, I have to select Other from the Airport menu and manually enter all the information for the network, after which I can join just fine. However, I am never presented with an option to store the login into my keychain, so I have to do it every time. I am not sure how to enter it into keychain manually, as I never had to do this in the past.
    Anyone know how I can make this automatic again?
    I have played with locations and preferred networks in preferences, with no luck.

    Problem magically disappeared. Not sure why.

  • Not printing text-only graphics on Canon. Not printer problem-print ok on Brother and another network Apple prints ok on Canon. Believe a computer setting was inadvertently reset. What setting and how do I reset?

    Not printing text only on Canon--grahics print ok.  Not printer problem.  Prints ok on a Brother and another network Apple prints ok on Canon.  Believe a computer setting was inadvertently reset.  What setting and how do I reset?

    Without your printer model numbers, readers can only give you vague general directions.
    System Preferences > Print&Fax > ...
    ... shows a list of all set-up printers.
    If you are having serious problems, it makes sense to "Reset the Printing System" (which also removes all printer set-ups) and add back each printer. It only takes a few minutes.
    Mac OS X 10.6 Help: Resetting the printing system

  • Make sure your network settings are correct and your network connection is active, or try again later; Have been trying to fix for ages.

    Hi Everyone, been struggling all day to restore my settings on my ipod, as my little brother has put a restriction password in place and made me not able to get into Safari, iTunes, Camera which I really need. I have tried everything, resetting my proxy settings, turning off the firewall, changing my network location, ran diagnostics. Everything seems fine on that, I post below my results. I also tried restoring from the device, but with the restrictions code in place I can not do so. And everytime I am dowloading the software update before the restore it comes up with 'Make sure your network settings are correct and your network connection is active, or try again later'. I have been using google for ages and am not sure what I have missed.
    I am using Windows 7 with an Acer Notebook.
    DIAGNOSTICS:
    Microsoft Windows 7 Enterprise Edition Service Pack 1 (Build 7601)
    Acer Aspire One 753
    iTunes 11.0.2.26
    QuickTime 7.7.3
    FairPlay 2.3.31
    Apple Application Support 2.3.3
    iPod Updater Library 10.0d2
    CD Driver 2.2.3.0
    CD Driver DLL 2.1.3.1
    Apple Mobile Device 6.1.0.13
    Apple Mobile Device Driver 1.64.0.0
    Bonjour 3.0.0.10 (333.10)
    Gracenote SDK 1.9.6.502
    Gracenote MusicID 1.9.6.115
    Gracenote Submit 1.9.6.143
    Gracenote DSP 1.9.6.45
    iTunes Serial Number 00BCBEE0093E4EF0
    Current user is not an administrator.
    The current local date and time is 2013-04-05 19:32:36.
    iTunes is not running in safe mode.
    WebKit accelerated compositing is enabled.
    HDCP is supported.
    Core Media is supported.
    Video Display Information
    Intel Corporation, Intel(R) HD Graphics
    **** External Plug-ins Information ****
    No external plug-ins installed.
    **** Network Connectivity Tests ****
    Network Adapter Information
    Adapter Name:     {E1CB97AA-CDFF-4C43-8F63-658D7E70A39F}
    Description:     Intel(R) Centrino(R) Advanced-N 6205
    IP Address:     172.16.42.14
    Subnet Mask:     255.255.255.0
    Default Gateway:     172.16.42.1
    DHCP Enabled:     Yes
    DHCP Server:     172.16.42.1
    Lease Obtained:     Fri Apr 05 19:01:59 2013
    Lease Expires:     Fri Apr 05 20:01:59 2013
    DNS Servers:     172.16.42.1
    Adapter Name:     {44D6CC7B-1F1E-4F26-BBB8-18F98A868E2B}
    Description:     Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    IP Address:     0.0.0.0
    Subnet Mask:     0.0.0.0
    Default Gateway:     0.0.0.0
    DHCP Enabled:     Yes
    DHCP Server:
    Lease Obtained:     Thu Jan 01 11:00:00 1970
    Lease Expires:     Thu Jan 01 11:00:00 1970
    DNS Servers:
    Active Connection:     LAN Connection
    Connected:     Yes
    Online:          Yes
    Using Modem:     No
    Using LAN:     Yes
    Using Proxy:     No
    Firewall Information
    Windows Firewall is on.
    iTunes is enabled in Windows Firewall.
    Connection attempt to Apple web site was successful.
    Connection attempt to browsing iTunes Store was successful.
    Connection attempt to purchasing from iTunes Store was successful.
    Connection attempt to iPhone activation server was successful.
    Connection attempt to firmware update server was successful.
    Connection attempt to Gracenote server was successful.
    Last successful iTunes Store access was 2013-02-14 17:34:33.
    **** Device Connectivity Tests ****
    iPodService 11.0.2.26 is currently running.
    iTunesHelper 11.0.2.26 is currently running.
    Apple Mobile Device service 3.3.0.0 is currently running.
    Universal Serial Bus Controllers:
    Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34.  Device is working properly.
    Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B3C.  Device is working properly.
    No FireWire (IEEE 1394) Host Controller found.
    Connected Device Information:
    Daniel Pugh's Ipod, iPod touch (4th generation) running firmware version 6.1.3
    Serial Number:     C3XDN3C5DCP7
    Most Recent Devices Not Currently Connected:
    iPhone 4S running firmware version 5.0.1
    Serial Number:     C38GKQWZDT9Y
    **** Device Sync Tests ****
    Sync tests completed successfully.
    Kindest Regards
    Daniel (Puggy858)

    Hi Diesel vdub,
    Did that and I tried again, download stops halfway through and comes up with same message I have already quoted. Wifi Signal is 5/5, network is working, just not letting me download via iTunes.

  • I make Rest for iPad, and now every time i open it , i chose the country and the network  and tells me he works the activation and then tell me the iPad could not be activated, try again what can i do

    i make Rest for iPad, and now every time i open it , i chose the country and the network  and tells me he works the activation and then tell me the iPad could not be activated, try again what can i do

    Those are the instructions for your computer's iTunes (i.e. using the Store menu at the top of your computer's iTunes and selecting 'View My Account' on it). If you are doing it on your iPad then are you following the instructions for iOS devices :
    To unhide your purchases
    Depending on the content type, open the App Store, iBooks, or iTunes Store on your device.
    Scroll to the bottom of the main page.
    If you're not already signed in, tap Sign In.
    Tap your Apple ID name, then tap View Account.
    Scroll down on the Account pane, and tap Hidden Purchases.
    Locate the item you would like to unhide then tap the Unhide button.

  • ICal's month view events are spilling out and overlapping making unreadable

    iCal's month view events are spilling out of their day boxes and overlapping the events below them making it impossible to look at the month view and discern one's schedule.
    What's really odd is it only seems really a problem with the current month. January 2009.
    What can I do to remedy this situation?

    Okay, I figured out a simple remedy that was probably always intended by Apple. I had been pasting long text paragraphs from emails into the 'Subject' Header. When I paste the long paragraph of information in the "NOTES" area at the bottom of the dialogue box and just put a brief subject line in the header area this fixes the problem.
    This might seem like common sense, but Palm Desktop did not require this. I figured this out by trying Entourage. Entourage synching with the iPhone however works through iCal and deleted all my color coded Calendars that I had not backed up. In Palm Desktop I had 15 categories each with a color code.
    Now, when I put an address into the "Location" window why can't I tap that on the iPhone Calendar and have the GPS/Googlemap display this location on a map?

Maybe you are looking for

  • Why does Photoshop CS5 require me to run as Administrator?

    I just installed a fresh copy of CS5 64 bit Extended Student and Teacher edition obtained direct from Adobe. It installed fine and for the first ten or so times I used it it started without any difficulty.  This morning it is refusing to start with a

  • My d7260 control panel display is blank (black)

    this just happened yesterday after 3 years

  • Premiere Pro

    New to Premiere Pro, We shoot on DVCam or Mini-DV (which can shoot progressive), very little we shoot is ever for broadcast, most goes straight to DVD for training then archive. Would it be better to shoot in the progressive mode? I hear many editors

  • Pages in Smart Forms

    Hi Experts... I'm having a problem with the paging of a couple of Smartforms... I did not develop them but I've been asked to try to fix the issue. The forms have something particular, they have different PAGES (2 or more) and the customer wants the

  • View link between view based on entity(table) and view based on stored proc

    I've created a view based on a stored procedure. I need to link this view to a view based on an entity which is based on a table. I can create the view without issue, but when I attempt to run the application module that contains the relationship I g