IDSM-2 Upgrade

Answered Question
Jun 16th, 2008
User Badges:

Hi,

I am upgrading IDSM-2 image from v5 to v6 (IPS-K9-6.0-4a-E1.pkg) after this upgrade do we need to go for the Upgradation of Recovery Partition ?

Thank you,

Dinesh

Correct Answer by Farrukh Haroon about 9 years 1 month ago

The recovery partition will be automatically upgraded to IPS-K9-6.0-4a-E1. The maintenance partition will not be I think. This is an output from an IPS upgraded earlier:


Application Partition:


Cisco Intrusion Prevention System, Version 6.0(4a)E1

......

......

Maintenance Partition Version 2.1(2)


Recovery Partition Version 1.1 - 6.0(4a)E1


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
Farrukh Haroon Mon, 06/16/2008 - 23:31
User Badges:
  • Red, 2250 points or more

The recovery partition will be automatically upgraded to IPS-K9-6.0-4a-E1. The maintenance partition will not be I think. This is an output from an IPS upgraded earlier:


Application Partition:


Cisco Intrusion Prevention System, Version 6.0(4a)E1

......

......

Maintenance Partition Version 2.1(2)


Recovery Partition Version 1.1 - 6.0(4a)E1


Regards


Farrukh

dinesh.das Tue, 06/17/2008 - 20:23
User Badges:

Hi Farrukh,


what about Hardware bypass, do we need any additional harware (4 Gb bypasscard) or my IDSM-2 does have it by default.

Actually, I am planning for the VLAN pair Inline mode configuration and I am worried about the dataflow during signature or patch update.


Regards

Dinesh

Farrukh Haroon Wed, 06/18/2008 - 00:07
User Badges:
  • Red, 2250 points or more

The IDSM-2 has no hardware interfaces. It is internally connected to the switch backplane. I've done signature updates before on this platform without any issues. It will lets packets pass through (by default) when the signature engine is down.


Regards


Farrukh

dinesh.das Fri, 06/27/2008 - 03:23
User Badges:

Hi Farrukh,


My upgradation is copleted sucfuly. and it is working on SPAN with 6509.

but i am not able to create more than one SPAN session on my 6500 switch, is there any limitation, and what about if i want to create more than one SPAN session on 6500 switch.


Dinesh

dinesh.das Tue, 07/01/2008 - 21:40
User Badges:

Hi farrukh,


I am trying for Licence from cisco.com, If i clik on UPDATE Liceance from cisco.com tab, one pop up is comming on and massage is ** Sending serial number to cisco*** but nothing is happening for an hours also.



Farrukh Haroon Sun, 07/06/2008 - 06:08
User Badges:
  • Red, 2250 points or more

Try to manual process through the CLI then.


Regards


Farrukh

dinesh.das Wed, 07/09/2008 - 21:21
User Badges:

Hi Farrukh,

I dont have IPS service contract to download the licen file and this one is not updated before upgradation.

It could be a problem ?

Without IPS service contr it will not allow us to go for Licencing ?


In my invoice only these two line iteam it thr. WS-SVC-IDSM2-BUN-K9 and SC-SVC-IDSM-5.1-K9, do you think that it should be with IPS service contract like line iteam ---PAK-- ---


Please help me, I am new to this device.


Regards.

Dinesh

saed@safad.com Mon, 07/14/2008 - 05:56
User Badges:

Hi


Please i need help...I have WS-SVC-IDS2-BUN-K9 ...I need to cover it with service contract that permit us to upgrade and get license...Please advice level of service we need .


thanks in advance

Omar

dinesh.das Mon, 07/14/2008 - 22:58
User Badges:

Hi Omar,


as i know we can upgrade the IDSM with latest one without any license.. but i am not sure about, hot to get the licens without service contract.

I think farruk can guide us on this, but it seems that he is not available since long time....



Farrukh Haroon Tue, 07/15/2008 - 02:31
User Badges:
  • Red, 2250 points or more

Hi Dinesh


Sorry I'm on vacation right now :)


You will get a license file once you purchase a 'Cisco Services for IPS' contract for the IDSM-2 blade. Then you have to load that license on your sensor. Software upgrades work without a valid license. Signature updated don't work. They install and then re-install themselves after detecting that no license is present.


Regards


Farrukh

dinesh.das Fri, 07/18/2008 - 02:11
User Badges:

Hi Farrukh,


I am done with the configuration and i kept in Inline VLAN pair VLAN 16 & 166, i created on L2 vlan and 166, and assinged the same to the Virtual interface,

But i am not able to see any logs or blocking, If i keep this vlan 16 on SPAN i do have lot of logs and traffic on sensore interface.

any a Suggestion .....

dinesh.das Sat, 07/19/2008 - 04:26
User Badges:

Hi,

Every thing is same as shown in document, but i am not able to see any logs, If i keep same vlan on SPAN logs are there.


Any trouble shooting steps or tools are there ?



Farrukh Haroon Sat, 07/19/2008 - 09:03
User Badges:
  • Red, 2250 points or more

If you Inline VLAN Pair is not functional, then no traffic will pass through anyway. You can try to ping between any two devices in the 'bridged' VLANS.


Regards


Farrukh

dinesh.das Tue, 07/22/2008 - 21:34
User Badges:

My configuration is like this,


firewall vlan-group 2 10,100

Vlan 10 Inside & Vlan 100 is outsie interface of the FW Context,


I created on L2 Vlan 101

and added this VLAN (10 and 101) in VLAN PAIR config and this interface giga 0/8.1 (Subinterface). same interface is config for Virtual Sensor 0.

I dont have problem with traffic but not able to see any logs.

Farrukh Haroon Sat, 07/26/2008 - 02:58
User Badges:
  • Red, 2250 points or more

In which mode is the sensor operating?


Auto/Bypass etc.


Regards


Farrukh

dinesh.das Sun, 07/27/2008 - 23:16
User Badges:

It is in Auto (Bypass inspection when analysis engine is stopped.)


Is this will create a problem ? or do we need to change it to ON & OFF.

Farrukh Haroon Sun, 07/27/2008 - 23:21
User Badges:
  • Red, 2250 points or more

Nah Auto is fine. Can you post the configs? (show config)


Regards


Farrukh

Actions

This Discussion