New Member

IPS Auto update

I have configured the internal IDSM cards for auto update, and I see hits against our firewall ACL for this traffic, but the update seems out of date on the IPS. Can anyone tell me how to troubleshoot this?

Many thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPS Auto update

Hi,

Yes, once you have HTTP also allowed, you should see auto update working.

The way you have configured the ACL is interesting :-) and I don't see any reason why it should not work. Let's wait for the next auto-update attempt by the IPS and see what happens. Let me know how it goes!!

regards,

prapanch

6 REPLIES
Cisco Employee

Re: IPS Auto update

Hi,

On the IDSM, you can enter the command "show statistics host" and it should tell you all details regarding auto-update and the reason for failure as well. Please paste the entire output over here and we can have a look.

Regards,

Prapanch

New Member

Re: IPS Auto update

Error: autoUpdate successfully selected a package (http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg) from the cisco.com locator service, however, package download failed: HTTP connection failed

I only had HTTPS allowed; I have allowed HTTP also now. Should this fix it?

Also, all my IPSs are 10.x.1.10 (with x being the subnet). Can you write an ACL in the format:

access-list inside_in permit ip 10.0.1.10 255.0.255.255 any

Thanks in advance
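
An added example, not part of the original post and not Cisco code: it evaluates the mask from the ACL entry above bit by bit, once read as a netmask (1 bits must match) and once as a wildcard mask (1 bits are ignored), over constructed sample addresses. Which reading the firewall in this thread applies, and whether it accepts a non-contiguous mask at all, is not stated in the thread; the function names are hypothetical.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def matches_netmask(addr, base, mask):
    """Netmask reading: a 1 bit in the mask means 'this bit must equal base'."""
    m = _u32(mask)
    return (_u32(addr) & m) == (_u32(base) & m)

def matches_wildcard(addr, base, mask):
    """Wildcard reading: a 1 bit in the mask means 'ignore this bit'."""
    care = ~_u32(mask) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def is_contiguous(mask):
    """True if the mask is a run of 1s followed by a run of 0s (a plain prefix)."""
    inverted = ~_u32(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

# The source address and mask from the ACL entry in the post above.
BASE, MASK = "10.0.1.10", "255.0.255.255"

# Constructed samples: three sensors on the 10.x.1.10 plan, two near misses,
# and one unrelated host whose second octet happens to be 0.
SAMPLES = ["10.0.1.10", "10.7.1.10", "10.255.1.10",
           "10.7.1.11", "10.7.2.10", "192.0.2.55"]

def report():
    """Return {address: (netmask_result, wildcard_result)} for the samples."""
    return {a: (matches_netmask(a, BASE, MASK), matches_wildcard(a, BASE, MASK))
            for a in SAMPLES}

if __name__ == "__main__":
    print(f"{MASK} contiguous: {is_contiguous(MASK)}")
    for addr, (nm, wc) in report().items():
        print(f"{addr:<14} netmask={nm!s:<5} wildcard={wc}")
```

Read as a netmask, the entry matches exactly the 10.x.1.10 sensors; read as a wildcard, the same digits match any source whose second octet is 0, so it is worth confirming which reading the device applies before relying on the hit counters.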

Cisco Employee

Re: IPS Auto update

Hi,

Was wondering if you managed to get the Auto Update working. If so, please do mark this thread as Answered.

Regards,

Prapanch

New Member

Re: IPS Auto update

Well, yes and no. Enabling HTTP did not solve the issue, but if I permit ip they update, so I am not quite sure what other ports are needed. I will have to create a packet capture to find out.

Cisco Employee

Re: IPS Auto update

Hmmm. That's interesting. What did the access-list look like when you configured it to allow HTTP alone? The captures will certainly help.

Regards,

Prapanch
