Cisco Support Community

Cisco IPS auto update failure on Cisco IDSM-2

Hi Guys,

I am having issues getting my Cisco IPS to automatically download and install signature updates from Cisco. I have a Cisco 6513 which houses my IPS module. The Proxy and DNS settings are configured correctly in line with our IP address parameters. I also configured the Cisco.com URL as https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl. On my firewall, I have allowed my IPS management IP address access to 198.133.219.25:443 and 198.133.219.243:80. When it's time for the scheduled signature update, it fails.

Find below the output on the firewall:

6|Feb 17 2012|16:16:20|302014|*******|52948|198.133.219.25|443|Teardown TCP connection 144816393245560712 for inside:*********/52948 to outside:198.133.219.25/443 duration 0:00:20 bytes 78 SYN Timeout
6|Feb 17 2012|16:15:59|302013|198.133.219.25|443|*******|52948|Built outbound TCP connection 144816393245560712 for inside:**********/52948 (172.23.1.65/52948) to outside:198.133.219.25/443 (198.133.219.25/443)

Output of sh stat host:

Auto Update Statistics

   lastDirectoryReadAttempt = 15:09:09 UTC Fri Feb 17 2012

    =   Read directory:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

    =   Error: AutoUpdate exception: HTTP connection failed [1,110]

   lastDownloadAttempt = N/A

   lastInstallAttempt = N/A

   nextAttempt = 15:06:00 UTC Fri Feb 24 2012

Auxilliary Processors Installed

Could someone please help me with the reason for the failure?

Regards

Austin

1 REPLY

Looking at your firewall logs, you can see the sensor start the TCP session at Feb 17 2012|16:15:59. The firewall waits for the response from your server hosting the update files (198.133.219.25/443); after 20 seconds of no response (SYN Timeout), the firewall tears down the connection.

Can you do a packet capture on the outside interface of your firewall to see what response you're getting from your server?

- Bob
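
The Built/Teardown reading in the reply above can be automated over a larger log export. This is an added example, not part of the original thread or any Cisco tool: it pairs 302013 and 302014 messages by connection ID and lists destinations whose sessions ended in SYN Timeout. The sample lines are constructed in the layout of the log in the question (connection IDs 1001/1002 and the second connection are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: severity|date|time|message id|addr|port|addr|port|text.
# Addresses come from the post; IDs and the second connection are invented.
SAMPLE_LOG = """\
6|Feb 17 2012|16:16:20|302014|172.23.1.65|52948|198.133.219.25|443|Teardown TCP connection 1001 for inside:172.23.1.65/52948 to outside:198.133.219.25/443 duration 0:00:20 bytes 78 SYN Timeout
6|Feb 17 2012|16:15:59|302013|198.133.219.25|443|172.23.1.65|52948|Built outbound TCP connection 1001 for inside:172.23.1.65/52948 (172.23.1.65/52948) to outside:198.133.219.25/443 (198.133.219.25/443)
6|Feb 17 2012|16:20:05|302014|172.23.1.65|52950|198.133.219.243|80|Teardown TCP connection 1002 for inside:172.23.1.65/52950 to outside:198.133.219.243/80 duration 0:00:03 bytes 5120 TCP FINs
6|Feb 17 2012|16:20:02|302013|198.133.219.243|80|172.23.1.65|52950|Built outbound TCP connection 1002 for inside:172.23.1.65/52950 (172.23.1.65/52950) to outside:198.133.219.243/80 (198.133.219.243/80)
"""

BUILT = re.compile(r"Built (?:inbound|outbound) TCP connection (?P<id>\d+) ")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for \w+:(?P<src>[\d.]+)/\d+ "
    r"to \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")


def parse_connections(log):
    """Merge 302013 (Built) and 302014 (Teardown) lines into one record per ID."""
    conns = defaultdict(dict)
    for line in log.splitlines():
        fields = line.split("|", 8)
        if len(fields) != 9:
            continue  # not in the pipe-delimited layout, skip
        msg_id, text = fields[3], fields[8]
        if msg_id == "302013" and (m := BUILT.search(text)):
            conns[m["id"]]["built_at"] = fields[2]
        elif msg_id == "302014" and (m := TEARDOWN.search(text)):
            h, mi, s = map(int, m["dur"].split(":"))
            conns[m["id"]].update(
                src=m["src"], dst=f'{m["dst"]}:{m["dport"]}',
                seconds=h * 3600 + mi * 60 + s,
                bytes=int(m["bytes"]), reason=m["reason"] or "")
    return dict(conns)


def handshake_failures(log):
    """Count, per destination, sessions the firewall tore down on SYN Timeout."""
    failed = defaultdict(int)
    for rec in parse_connections(log).values():
        if rec.get("reason") == "SYN Timeout":
            failed[rec["dst"]] += 1
    return dict(failed)


if __name__ == "__main__":
    for dst, count in handshake_failures(SAMPLE_LOG).items():
        print(f"{dst}: {count} connection(s) with no completed handshake")
```

A destination that appears here while other destinations from the same sensor close with TCP FINs points at the path to that one server, which is what the suggested packet capture on the outside interface would confirm.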
