IPS new auto update feature

josephium · ‎05-13-2008

hi,

the new 6.1 IPS ios has a new feature which is the auto update directly from cisco, but it seems its not working, i have entered my correct username and password , but the site already put by default for auto update seems to be not working.

anyone tried it ?

Thank you

marcabal · ‎05-13-2008

Did you also configure the time at which the updates should take place?

Do a "show events" on the CLI from a minute before the scheduled time for the update, and look to see if any status messages or errors were generated.

It is possible that a firewall or something on your network may be blocking the sensor's connection to cisco.com.

josephium · ‎05-14-2008

Hi, thank you for your response.

but no , its not a firewall issue, and nothing happens, no event is generated also, the site https://192.133.219.25 ... if put in IE is giving "we are unable to precess your request at this time.

any thoughts ?

jamesand · ‎05-14-2008

What platform type is this IPS sensor?

What does the Auto Update Statistics show from the "show stat host" command?

josephium · ‎05-14-2008

thank you for your reply,

the IPS is an AIP-SSM 20 , installed on an ASA 5540, now i did the show stat hosts and regarding the Auto update it show the following:

Auto Update Statistics

lastDirectoryReadAttempt = N/A

lastDownloadAttempt = N/A

lastInstallAttempt = N/A

nextAttempt = N/A

allthough i have configured it to do auto update every day at a specific hour.

any thoughts ?

thanks

jamesand · ‎05-15-2008

That shows that auto updates have not been running and are not scheduled to run. Please send me the auto config. You can run:

# conf t

# ser host

# auto

# show settings

jphilope · ‎05-15-2008

Please post the fix here as I am also having the same problem. However, my stats seem to suggest it's trying:

Auto Update Statistics

lastDirectoryReadAttempt = 11:30:03 EDST Thu May 15 2008

= Read directory: jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/')">http://jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/

= Success

lastDownloadAttempt = 11:30:03 EDST Thu May 15 2008

= Download: http://jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/IPS-sig-S333-req-E1.pkg

= Error: URI does not contain a valid ip address

lastInstallAttempt = N/A

nextAttempt = 12:30:00 EDST Thu May 15 2008

Auxilliary Processors Installed

marcabal · ‎05-15-2008

My guess is that the "@" in your username is likely causing the sensor to be confused.

My guess is that the sensor is interpretting jhilope as the username and cswq.com as the ip address instead of "jhilope@cswq.com" as the username and 198.133.219.243 as the ip address.

Does someone else in your company have a cisco.com username without the "@" character in it that you could try?

NOTE: This is just my guess at what may be happening. Trying another persons userid could help to determine if that is the problem or not.

If another userid works fine, then go ahead and contact the TAC and have them write up a bug that the sensor is not working with a cisco userid containing the "@" character.

If another userid still continues to have the same issue, then the "@" character in the username may not be the issue, and additional debugging would be needed.

If you can't get another userid, then try contacting the TAC for additional debugging help.

The issue you are seeing appears to be a different issue than the original opener of this thread. Their issue is that the auto update is not event attempted. You issue is that the directory can be read, a sigupdate found that can be downloaded, but the actual download fails.

jphilope · ‎05-15-2008

That fixed it. Thanks. Made sense as soon as I read it.

josephium · ‎05-15-2008

plz check below my auto update settings:

secondary(config-hos-aut)# show settings

auto-upgrade

-----------------------------------------------

cisco-server

-----------------------------------------------

enabled

-----------------------------------------------

schedule-option

-----------------------------------------------

calendar-schedule

-----------------------------------------------

times-of-day (min: 1, max: 24, current: 1)

-----------------------------------------------

time: 15:40:00

-----------------------------------------------

days-of-week (min: 1, max: 7, current: 5)

-----------------------------------------------

day: monday

-----------------------------------------------

day: tuesday

-----------------------------------------------

day: wednesday

-----------------------------------------------

day: thursday

-----------------------------------------------

day: friday

-----------------------------------------------

user-name: i removed it

password:

cisco-url: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl default: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

-----------------------------------------------

user-server

-----------------------------------------------

disabled

now if this thing is fixed , i will have the other problem mentioned above and that is my username (which i removed) contains an @ in it.

Thank you

jphilope · ‎05-16-2008

I can tell you changing it fixed my problem and the url is correct. I used another tech's CCO login, without the @. I would guess Cisco has to come up with a plan to deal with this as I'm sure it will be a common problem.

jamesand · ‎05-16-2008

I have not been able to reproduce. I entered your exact config into CLI and show stat host gives me the correct nextAttempt:

nextAttempt = 15:40:00 UTC Mon May 19 2008

Please remove the auto config, reenter your config, and send back the sho st host:

# conf t

# ser host

# auto

# cisco-server disable

# ex

NOTE: you should use the default cisco-url