Can I downgrade AIP-SSM-10 from 6.2(2)E4 to 6.1(2)E3?

Answered Question
May 14th, 2010

Hi,

I have an AIP-SSM-10 (IPS-K9-6.1-2-E3) running inside an ASA (Active/Standby failover mode).

My license status is "not expired until 12.2010".

When I upgrade to 6.2(2)E4 (because it indicated I needed engine E4 in order to put the signature update) my license changed to expired.

Here is my question, what versions can i upgrade to?

I made a mistake? Can i downgrade to 6.1(2)E3 and in what way?

Thank you

I have this problem too.
0 votes
Correct Answer by Jennifer Halim about 6 years 6 months ago

Try deleting the license from service account first, then update the license via cisco.com:

1) Create a username with service account: username password privilege service

2) Then SSH to the IPS with the service account username and password created above.

Then following the steps below:

- "su" to root (same PW as svc acct PW)
- delete all the files in the /usr/cids/idsRoot/shared/ directory, *** EXCEPT host.conf file ***
- run "/etc/init.d/cids restart" to restart the IPS apps (or reboot the sensor)

3) From IDM - apply the real license by choosing to update the license via cisco.com.

Hope that resolves the issue.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jennifer Halim Fri, 05/14/2010 - 01:34

If you upgrade it to the latest version, it should not expire the license. You can even upgrade it to the latest version of 7.0.2(E4).

Try to grab the license again from IDM: Configuration --> Sensor Management --> Licensing --> Update from: cisco.com

You have to make sure that the AIP module management ip has connectivity to the Internet to connect to cisco.com

Hope that helps.

n_ganeva Fri, 05/14/2010 - 01:53

Thank you for the quick response.

I update license from IME: Configuration --> Sensor Management --> Licensing --> Update from: cisco.com

but receive error:

"Failed to update license on sensor.

errExpiredLicense-The new license expire date is older than current license expire date."

In IME-Home - Device Detail-License status for sensor is: "License expired on 2554-7-22 02:34:32 EEST"

but in Device List-License Expiration - status is "License expired"

Thanks in advance!

Correct Answer
Jennifer Halim Fri, 05/14/2010 - 01:59

Try deleting the license from service account first, then update the license via cisco.com:

1) Create a username with service account: username password privilege service

2) Then SSH to the IPS with the service account username and password created above.

Then following the steps below:

- "su" to root (same PW as svc acct PW)
- delete all the files in the /usr/cids/idsRoot/shared/ directory, *** EXCEPT host.conf file ***
- run "/etc/init.d/cids restart" to restart the IPS apps (or reboot the sensor)

3) From IDM - apply the real license by choosing to update the license via cisco.com.

Hope that resolves the issue.

n_ganeva Fri, 05/14/2010 - 02:57

Thank you very much halijenn for the quick response and for help!!!

Your answers was really helpful to me.

When I tried to get new license from cisco.com, I received selfsame license "License expired on 2554-7-22 02:34:32 EEST".

Then I repeated the procedure described by you but I update license from my old receved file from cisco - "signatureupdatekey"

and now license is OK.

Thanks again for your great help!!!

N.Ganeva

Actions

This Discussion

Related Content