05-13-2008 11:11 PM - edited 03-10-2019 04:06 AM
hi,
the new 6.1 IPS ios has a new feature which is the auto update directly from cisco, but it seems its not working, i have entered my correct username and password , but the site already put by default for auto update seems to be not working.
anyone tried it ?
Thank you
05-13-2008 11:53 PM
Did you also configure the time at which the updates should take place?
Do a "show events" on the CLI from a minute before the scheduled time for the update, and look to see if any status messages or errors were generated.
It is possible that a firewall or something on your network may be blocking the sensor's connection to cisco.com.
05-14-2008 04:48 AM
Hi, thank you for your response.
but no , its not a firewall issue, and nothing happens, no event is generated also, the site https://192.133.219.25 ... if put in IE is giving "we are unable to precess your request at this time.
any thoughts ?
05-14-2008 09:53 AM
What platform type is this IPS sensor?
What does the Auto Update Statistics show from the "show stat host" command?
05-14-2008 10:29 PM
thank you for your reply,
the IPS is an AIP-SSM 20 , installed on an ASA 5540, now i did the show stat hosts and regarding the Auto update it show the following:
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = N/A
allthough i have configured it to do auto update every day at a specific hour.
any thoughts ?
thanks
05-15-2008 06:33 AM
That shows that auto updates have not been running and are not scheduled to run. Please send me the auto config. You can run:
# conf t
# ser host
# auto
# show settings
05-15-2008 07:35 AM
Please post the fix here as I am also having the same problem. However, my stats seem to suggest it's trying:
Auto Update Statistics
lastDirectoryReadAttempt = 11:30:03 EDST Thu May 15 2008
= Read directory: jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/')">http://jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/
= Success
lastDownloadAttempt = 11:30:03 EDST Thu May 15 2008
= Download: http://jphilope@cswg.com@198.133.219.243//cisco/ciscosecure/ips/6.x/sigup/IPS-sig-S333-req-E1.pkg
= Error: URI does not contain a valid ip address
lastInstallAttempt = N/A
nextAttempt = 12:30:00 EDST Thu May 15 2008
Auxilliary Processors Installed
05-15-2008 08:07 AM
My guess is that the "@" in your username is likely causing the sensor to be confused.
My guess is that the sensor is interpretting jhilope as the username and cswq.com as the ip address instead of "jhilope@cswq.com" as the username and 198.133.219.243 as the ip address.
Does someone else in your company have a cisco.com username without the "@" character in it that you could try?
NOTE: This is just my guess at what may be happening. Trying another persons userid could help to determine if that is the problem or not.
If another userid works fine, then go ahead and contact the TAC and have them write up a bug that the sensor is not working with a cisco userid containing the "@" character.
If another userid still continues to have the same issue, then the "@" character in the username may not be the issue, and additional debugging would be needed.
If you can't get another userid, then try contacting the TAC for additional debugging help.
The issue you are seeing appears to be a different issue than the original opener of this thread. Their issue is that the auto update is not event attempted. You issue is that the directory can be read, a sigupdate found that can be downloaded, but the actual download fails.
05-15-2008 09:07 AM
That fixed it. Thanks. Made sense as soon as I read it.
05-15-2008 10:25 PM
plz check below my auto update settings:
secondary(config-hos-aut)# show settings
auto-upgrade
-----------------------------------------------
cisco-server
-----------------------------------------------
enabled
-----------------------------------------------
schedule-option
-----------------------------------------------
calendar-schedule
-----------------------------------------------
times-of-day (min: 1, max: 24, current: 1)
-----------------------------------------------
time: 15:40:00
-----------------------------------------------
-----------------------------------------------
days-of-week (min: 1, max: 7, current: 5)
-----------------------------------------------
day: monday
-----------------------------------------------
day: tuesday
-----------------------------------------------
day: wednesday
-----------------------------------------------
day: thursday
-----------------------------------------------
day: friday
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
user-name: i removed it
password:
cisco-url: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl default: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
-----------------------------------------------
-----------------------------------------------
user-server
-----------------------------------------------
disabled
now if this thing is fixed , i will have the other problem mentioned above and that is my username (which i removed) contains an @ in it.
Thank you
05-16-2008 03:27 AM
I can tell you changing it fixed my problem and the url is correct. I used another tech's CCO login, without the @. I would guess Cisco has to come up with a plan to deal with this as I'm sure it will be a common problem.
05-16-2008 12:09 PM
I have not been able to reproduce. I entered your exact config into CLI and show stat host gives me the correct nextAttempt:
nextAttempt = 15:40:00 UTC Mon May 19 2008
Please remove the auto config, reenter your config, and send back the sho st host:
# conf t
# ser host
# auto
# cisco-server disable
# ex
# ex
NOTE: you should use the default cisco-url
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: