Configuring VPN Devices

Available Languages

Download Options

PDF (354.8 KB)
View with Adobe Reader on a variety of devices

Updated:April 15, 2008

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Configuring VPN Devices

Table Of Contents

Configuring VPN Devices

Cisco VPN 3000 Concentrator

Bootstrap the VPN 3000 Concentrator

Add the VPN 3000 Concentrator to MARS

Configuring VPN Devices

VPN devices provide MARS with information about remote hosts, login in requests and denials, and access times. With this data, MARS can provide end-to-end attack path analysis and identify the VPN device through which attacks are launched.

This chapter explains how to bootstrap and add the following VPN device to MARS:

•Cisco VPN 3000 Concentrator

Cisco VPN 3000 Concentrator

MARS can receive and process events from the Cisco VPN 3000 Concentrator, versions 4.0.1 and 4.7. To enable communications, you must perform two tasks:

•Bootstrap the VPN 3000 Concentrator

•Add the VPN 3000 Concentrator to MARS

Bootstrap the VPN 3000 Concentrator

To configure a Cisco VPN 3000 Concentrator to generate and publish events to the MARS Appliance, you must verify that the correct events are generated in the correct format, and you must direct the Cisco VPN 3000 Concentrator to publish syslog events to the MARS Appliance.

To configure Cisco VPN 3000 Concentrator to send syslog events to MARS, follow these steps:

Step 1 Open your browser and log in to the Cisco VPN 3000 Concentrator Series Manager.

Step 2 From the tree on the left, select Configuration > System > Events > General.

Step 3 Verify that the Syslog Format is Original.

Step 4 Select Severities 1-5 in the Events to Syslog field.

Step 5 From the tree on the left, select Configuration > System > Events > Syslog Servers.

Step 6 Click Add to define a target syslog server.

Step 7 In the Syslog Server field, enter the IP address or hostname of the MARS Appliance.

Step 8 Click Add to save the syslog server settings.

Step 9 Click Save in the top-right corner to save all changes.

Add the VPN 3000 Concentrator to MARS

To add the VPN 3000 Concentrator to MARS, follow these steps:

Step 1 Select Admin > Security and Monitor Devices > Add.

Step 2 Select either Cisco VPN Concentrator 4.0.1 or Cisco VPN Concentrator 4.7 from the Device Type list.

Step 3 Enter the name of the VPN Concentrator in the Device Name field.

Step 4 Enter the IP address used to administer the VPN Concentrator in the Access IP field.

Step 5 Enter the IP address from which the syslog messages are sent to MARS in the Reporting IP field.

Step 6 Select SNMP from the Access Type list.

Step 7 (Optional) To enable MARS to retrieve MIB objects for this Concentrator, enter the device's read-only community string in the SNMP RO Community field.

MARS uses the SNMP RO string to read MIBs related to the reporting device's CPU usage and other device anomaly data.

Step 8 Click Discover.

Step 9 Click Submit.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)