Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
4
Replies

How do I upgrade IPS from 6.1(1)E3 to 7/0(1) on ASA?

whiteford
Level 1
Level 1

‎08-12-2009 11:39 PM - edited ‎03-10-2019 01:42 PM

Hi,

I am using ASA-SSM-10 IPS module and it is running version 6.1(1)E3, how can I updat this to version 7.0(1). I am also using the Cisco Express IPS Manager.

Labels:
0 Helpful
4 Replies 4

mkodali
Cisco Employee
Cisco Employee

‎08-13-2009 08:11 AM

You need to use the upgrade package IPS-K9-7.0-1-E3.pkg. You can download this package from Cisco.com

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.0(1)E3&mdfid=280432811&sftType=Intrusion+Prevention+System+(IPS)+System+Upgrades&optPlat=&nodecount=4&edesignator=null&modelName=Cisco+ASA+Advanced+Inspection+and+Prevention+(AIP)+Security+Services+Module&treeMdfId=268438162&treeName=Security&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y

Once you download the package to your local server you can use upgrade command on SSM-10 CLI

qssm-229(config)# upgrade ftp://@://

/IPS-K9-7.0-1-E3.pkg

Common upgrade methods and other details are available on this link :

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliImage.html

Hope this helps

0 Helpful

whiteford
Level 1
Level 1
In response to mkodali

‎08-14-2009 01:43 AM

Thanks

I upgraded it using the Cisco IPS Express manager in the end.

Problem I have now is the Global correlation is failing and I don't seem to be getting any real-time high alerts. The CPU is normally 100% but now only 5%, it is like it's not monitoring anymore.

0 Helpful

mkodali
Cisco Employee
Cisco Employee
In response to whiteford

‎08-14-2009 05:49 AM

For Global Correlation to function, you must have either a DNS server or an HTTP proxy server configured. You may need a proxy server to download Global Correlation updates if you use proxy in your network. If you are using a DNS server, you must configure at least one DNS server and it must be reachable for Global Correlation updates to be successful. More details on this link

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_setup.html#wpxref67214

You will also need a valid license for the above tasks.

Once you see updates successful you can tune the global correlation service options on IME as per the details in this link :

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/ime/ime_collaboration.html

However, not having global correlation working should not impact regular monitoring.

0 Helpful

whiteford
Level 1
Level 1
In response to mkodali

‎08-14-2009 05:53 AM

The packet tracer from the ASA proves that is not being block but rules etc.

If it is a license issue then I would think my signatures wouldn't get updated every day?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card