Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cisco Employee

IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

The 5.0(6) and corresponding 5.1(1c) compatibility repackage have been posted in the usual Cisco download space. NOTE: Signature update S220 has been posted to bring all other systems up to date with the signature level built-in into 5.0(6). Signature updates now have a minimum required Service Pack level of 5.0(5) and this will be bumped to 5.0(6) in approximately 30 days. The delay is to give customers qualification time for the 5.0(6) service pack.

13 REPLIES
Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

An issue with S220 has been discovered.

The S220 signature update does not provide the files required to allow the 5.1(1p1) patch to be installed over it. Customers are advised that to apply the 5.1(1p1) patch to a 5.1(1)S220 sensor, the sensor must first be downgraded to 5.1(1)S219 or earlier signature level. At that point, the 5.1(1p1) patch can be applied and subsequently the S220 signature update. This oversight will be corrected in the S221 and later signature updates, after which the 5.1(p1) patch should apply correctly.

Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

The following are known INVALID upgrade paths:

5.1(1)S220 -> 5.1(1p1)

5.1(1p1)preS220 -> 5.1(1c)

5.1(1)preS220 -> 5.1(1c)

The following are known VALID installation sequences:

5.1(1)preS220 -> 5.1(1p1) -> S220

4.1(5)preS220 -> 5.0(1) -> 5.1(1c) -> 5.1(1p1) -> S220

5.0(1)preS220 -> 5.1(1c) -> 5.1(1p1) -> S220

5.0(5)preS220 -> 5.1(1c) -> 5.1(1p1) -> S220

The most stable 5.1(1) version at this point is 5.1(1p1)S220.

Scott

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

Will I need still need to apply the package update file IPS-K9-maj-5.0-1-S149.rpm.pkg to a freshly installed Cisco Intrusion Prevention System with recovery partition file IPS-K9-r-1.1-a-5.0-2.pkg.

What is the next step?

The “sh ver” reports that the device is at Version 5.0(2)S152.0

Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

Darin,

No, you do not have to "go backwards" to 5.0(1). We developed the "known good" update tracks to show the full potential update track from 4.1(5). Your update path would be 5.1(1c) next, followed by the 5.1(1p1) patch, followed by S221 (released last night). The key element is to apply the p1 patch before S220. The S221 signature update removes that order dependency.

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

hi scott,

could you give me the full url path to find 5.1p1

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

I have already applied "IPS-sig-S221-minreq-5.0-5.pkg" can i still add 5.1p1 or do i first have to downgrade?

Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

S221 has posted and the 5.1(1c) Readme has been updated. The readme changes are the addition of a warning that the 5.1(1c) package *replaces* the 5.1(1) minor update and that it is not to be applied to an existing 5.1 installation. Confusing terminology that said it could be applied to "5.0(1) and later" sensors has been modified to say "5.0(X)" sensors, dropping the "and later" and indicated that it was meant to apply to the 5.0 software train only.

The S221 signature update eliminates the order dependency between the S220 signature update and the 5.1(1p1) patch. Use S221 or later signature updates instead of S220.

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

Hi,

I can't see any 5.1.1 packegesont he download site, just txt-s are there.

Can I upgare my 5.0(6)S220.0 to S221?

I can only find update for 5.0(5).

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

IPS-K9-min-5.1-1d.pkg should be posted later today.

Yes you can apply the 5.0(5)minreq S221 on 5.0(6)S220.

Mario

Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

IPS 5.1(1d) replacement minor upgrade has been posted in the usual location. please see the topic post in NetPro or at least read the associated readme.txt.

Thanks

Scott

New Member

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

Hi,

I followed the following upgrade path.

1. I had IDS 4.1(5)S220 working fine

2. I installed IPS-K9-maj-5.0-1-S149.rpm.pkg over it. Did not get any errors. Everything was OK. "sh ver" showed IPS 5.0(1) S220.0

3. Installed IPS-K9-min-5.1-1d.pkg over it. "sh ver" now shows 5.1(1) S220

Can you tell me if it is valid or not?

Thanks.

Cisco Employee

Re: IPS 5.0(6) and 5.1(1c) Service Packs posted; S220 posted

Your steps were perfect.

5.1(1d) will show 5.1(1) when installed. So the 5.1(1)S220 that you see at the end of your steps is correct.

Marco

186
Views
5
Helpful
13
Replies