The 5.0(6) and corresponding 5.1(1c) compatibility repackage have been posted in the usual Cisco download space. NOTE: Signature update S220 has been posted to bring all other systems up to date with the signature level built-in into 5.0(6). Signature updates now have a minimum required Service Pack level of 5.0(5) and this will be bumped to 5.0(6) in approximately 30 days. The delay is to give customers qualification time for the 5.0(6) service pack.
An issue with S220 has been discovered.
The S220 signature update does not provide the files required to allow the 5.1(1p1) patch to be installed over it. Customers are advised that to apply the 5.1(1p1) patch to a 5.1(1)S220 sensor, the sensor must first be downgraded to 5.1(1)S219 or earlier signature level. At that point, the 5.1(1p1) patch can be applied and subsequently the S220 signature update. This oversight will be corrected in the S221 and later signature updates, after which the 5.1(p1) patch should apply correctly.
The following are known INVALID upgrade paths:
5.1(1)S220 -> 5.1(1p1)
5.1(1p1)preS220 -> 5.1(1c)
5.1(1)preS220 -> 5.1(1c)
The following are known VALID installation sequences:
5.1(1)preS220 -> 5.1(1p1) -> S220
4.1(5)preS220 -> 5.0(1) -> 5.1(1c) -> 5.1(1p1) -> S220
5.0(1)preS220 -> 5.1(1c) -> 5.1(1p1) -> S220
5.0(5)preS220 -> 5.1(1c) -> 5.1(1p1) -> S220
The most stable 5.1(1) version at this point is 5.1(1p1)S220.
Will I need still need to apply the package update file IPS-K9-maj-5.0-1-S149.rpm.pkg to a freshly installed Cisco Intrusion Prevention System with recovery partition file IPS-K9-r-1.1-a-5.0-2.pkg.
What is the next step?
The sh ver reports that the device is at Version 5.0(2)S152.0
No, you do not have to "go backwards" to 5.0(1). We developed the "known good" update tracks to show the full potential update track from 4.1(5). Your update path would be 5.1(1c) next, followed by the 5.1(1p1) patch, followed by S221 (released last night). The key element is to apply the p1 patch before S220. The S221 signature update removes that order dependency.
I have already applied "IPS-sig-S221-minreq-5.0-5.pkg" can i still add 5.1p1 or do i first have to downgrade?
S221 has posted and the 5.1(1c) Readme has been updated. The readme changes are the addition of a warning that the 5.1(1c) package *replaces* the 5.1(1) minor update and that it is not to be applied to an existing 5.1 installation. Confusing terminology that said it could be applied to "5.0(1) and later" sensors has been modified to say "5.0(X)" sensors, dropping the "and later" and indicated that it was meant to apply to the 5.0 software train only.
The S221 signature update eliminates the order dependency between the S220 signature update and the 5.1(1p1) patch. Use S221 or later signature updates instead of S220.
I can't see any 5.1.1 packegesont he download site, just txt-s are there.
Can I upgare my 5.0(6)S220.0 to S221?
I can only find update for 5.0(5).
IPS-K9-min-5.1-1d.pkg should be posted later today.
Yes you can apply the 5.0(5)minreq S221 on 5.0(6)S220.
IPS 5.1(1d) replacement minor upgrade has been posted in the usual location. please see the topic post in NetPro or at least read the associated readme.txt.
I followed the following upgrade path.
1. I had IDS 4.1(5)S220 working fine
2. I installed IPS-K9-maj-5.0-1-S149.rpm.pkg over it. Did not get any errors. Everything was OK. "sh ver" showed IPS 5.0(1) S220.0
3. Installed IPS-K9-min-5.1-1d.pkg over it. "sh ver" now shows 5.1(1) S220
Can you tell me if it is valid or not?
Your steps were perfect.
5.1(1d) will show 5.1(1) when installed. So the 5.1(1)S220 that you see at the end of your steps is correct.