
IPS Auto update

networker99
Level 1

I have configured the internal IDSM cards for auto update, and I see hits against our firewall ACL for this traffic, but the update seems out of date on the IPS. Can anyone tell me how to troubleshoot this?

Many thanks

6 Replies

praprama
Cisco Employee

Hi,

On the IDSM, you can enter the command "show statistics host" and it should tell you all details regarding auto-update and the reason for failure as well. Please paste the entire output over here and we can have a look.

Regards,

Prapanch

Error: autoUpdate successfully selected a package (http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg) from the cisco.com locator service, however, package download failed: HTTP connection failed

I only had HTTPS allowed; I have allowed HTTP also now. Should this fix it?

Also, all my IPSs are 10.x.1.10 (with x being the subnet). Can you write an ACL in the format:

access-list inside_in permit ip 10.0.1.10 255.0.255.255 any

Thanks in advance
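Two checks on the values in the post above, as an added example (not part of any post in this thread and not Cisco code): which flow the failed download needs, and which sources `10.0.1.10 255.0.255.255` covers when the mask is read as a subnet mask versus as a wildcard (inverse) mask. The function names and the sample source addresses are constructed for illustration; which of the two mask readings the firewall in question applies is an assumption to verify on the device.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Error text as posted in the thread.
ERROR = ("Error: autoUpdate successfully selected a package "
         "(http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/"
         "IPS-sig-S511-req-E4.pkg) from the cisco.com locator service, however, "
         "package download failed: HTTP connection failed")

DEFAULT_PORTS = {"http": 80, "https": 443}

def required_flow(error_text):
    """Return (scheme, host, port) of the package URL named in the error."""
    m = re.search(r"\((https?://[^)\s]+)\)", error_text)
    if not m:
        raise ValueError("no package URL in error text")
    url = urlsplit(m.group(1))
    return url.scheme, url.hostname, url.port or DEFAULT_PORTS[url.scheme]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(src, base, mask, style):
    """Test src against base/mask.

    style="netmask":  1-bits in mask must match (subnet-mask syntax).
    style="wildcard": 0-bits in mask must match (inverse-mask syntax).
    """
    if style not in ("netmask", "wildcard"):
        raise ValueError(style)
    care = _to_int(mask)
    if style == "wildcard":
        care = ~care & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(base) & care)

if __name__ == "__main__":
    print(required_flow(ERROR))
    # Constructed sample sources: two sensors and one unrelated host.
    for src in ("10.7.1.10", "10.7.2.10", "172.0.9.9"):
        for style in ("netmask", "wildcard"):
            hit = acl_matches(src, "10.0.1.10", "255.0.255.255", style)
            print(f"{src:<12} {style:<8} match={hit}")
```

Read as a subnet mask, the entry matches only 10.x.1.10 sources; read as a wildcard mask, it matches any source whose second octet is 0, which is a very different rule.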

Hi,

Yes, once you have HTTP also allowed, you should see auto update working.

The way you have configured the ACL is interesting :-) and I don't see any reason why it should not work. Let's wait for the next auto-update attempt by the IPS and see what happens. Let me know how it goes!!

regards,

prapanch

Hi,

Was wondering if you managed to get the Auto Update working. If so, please do mark this thread as Answered.

Regards,

Prapanch

Well, yes and no. Enabling HTTP did not solve the issue, but if I permit ip they update, so I am not quite sure what other ports are needed. I will have to create a packet capture to find out.

Hmmm. That's interesting. What did the access-list look like when you configured it to allow HTTP alone? The captures will certainly help.

Regards,

Prapanch
