New Member

IDSM-2 not updating 6500 ACL

I have a 6500 IDSM-2 blade which is configured to create a blocking ACL in the 6500 for a few signatures. It's been working for a couple of years but recently stopped. The IDSM detects attacks and thinks it's updating the 6500, but the 6500's ACLs are not updated and the 6500 shows no login from the IDS. I am not seeing any error msgs anywhere. When I manually insert an IP to block via the IDM client, it shows up in the sensor with no error, but the 6500 is not updated. This seems to have started about the time I installed S324 (3/26/08). The sensor is now S329. I have rebooted the IDS with no effect in behavior.

Can someone suggest what I might look at to narrow down the problem? Thanks.

Accepted Solutions
Cisco Employee

Re: IDSM-2 not updating 6500 ACL

Are you running version 6.0(4)?

There is a known problem during upgrade from an earlier version to 6.0(4). The passwords for blocking on routers, firewalls, and switches, as well as the passwords for auto updates, were not converted properly.

CSCso31217 encrypted passwords not decrypted after upgrade

For users who already loaded 6.0(4), to fix the problem the user needs to re-enter these passwords.

For users still on older versions and wanting to upgrade to 6.0(4), they should instead upgrade to 6.0(4a). The 6.0(4a) will properly convert the passwords.

NOTE: Users already at 6.0(4) cannot upgrade to 6.0(4a), and will need to re-enter the passwords on the sensors.

This problem has only been seen with the 6.0(4) upgrade package when upgrading from older 5.1 and 6.0 versions.

NOTE: The System Images and Recovery Images for 6.0(4) are all fine.

So if you are running a 6.0(4) version, then that is likely where your problem originated rather than a signature update.

If you are not running version 6.0(4), then there is a small possibility you might have discovered a new bug that Cisco is unaware of.

3 REPLIES
New Member

Re: IDSM-2 not updating 6500 ACL

Found problem using IDM Show Events. Password was wrong. Don't know why sig update apparently changed it (?). Resetting pw to previous value fixed updating.

New Member

Re: IDSM-2 not updating 6500 ACL

Yes, I am on 6.0.4. I think I put that on right before the sig update. In any case, this sounds exactly like my problem.
