What version of AsyncOS are you running? This would be on your ESA appliances, correct? Also - have you tried using the downloads-static URLs? This may help to resolve any firewall/routing issues that may be affecting local sites...
As of June 28th, 2013: downloads-static.ironport.com will have IPv4 address 220.127.116.11
Cisco offers static servers for those sites that have strict firewall requirements.
Hostnames, IPs, and Ports involved (Please Note that all the information below are needed in the firewalls, if you configure the update and upgrade using static method):
downloads-static.ironport.com: 18.104.22.168 on port 80 update-manifests.ironport.com: 22.214.171.124 on port 443 updates-static.ironport.com: 126.96.36.199 on port 80
Changing the Upgrade and Update Settings on AsyncOS:
1. Start on the Service Updates page of the Security Services page. 2. Click Edit Update Settings.... 3. In the 'Update Servers (images)' section select Local Update Servers. 4. For 'Base Url (all services except McAfee Anti-Virus definitions and IronPort AsyncOS upgrades)' enter: http://downloads-static.ironport.com. Set "Port' to 80. Authentication settings should be left blank. 5. For 'Host (McAfee Anti-Virus definitions, PXE Engine updates, IronPort AsyncOS upgrades)' enter: updates-static.ironport.com. 6. Leave the section labeled 'Update Servers (list)' set to IronPort Update Servers. 7. Fill in Proxy Servers settings if appropriate. 8. Click Submit. 9. Click Commit Changes. 10. Confirm by clicking Commit Changes again.
You can test if the upgrades are working by going to the System Upgrade page and clicking on Available Upgrades. If the list of available versions displays, then your setup is complete. To verify updates are working, you can use the CLI command 'tail' to look at the appropriate log for errors. For Sophos updates, monitor the antivirus log. For McAfee, watch the updater_logs. For CASE updates used by IPAS and VOF, look at the antispam log. The system will also send alerts when updates fail.
I hope this helps!
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :