Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

No AutoUpdate feature working on ASA-SSM-20

Hi!

Autoupdate feature is not working on ASA-SSM-20 module.

We have configure:

https://www.cisco.com//cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

We get this errors on the ASA-SSM-20 module:

evError: eventId=1280563964539644086  vendor=Cisco  severity=error 
  originator:  
    hostId: sensor1 
    appName: mainApp 
    appInstanceId: 356 
  time: nov 17, 2010 08:15:45 UTC  offset=60  timeZone=GMT+01:00 
  errorMessage: AutoUpdate exception: Receive HTTP response failed [3,212]  name=errSystemError

evError: eventId=1280563964539644079  vendor=Cisco  severity=error 
  originator:  
    hostId: sensor1 
    appName: mainApp 
    appInstanceId: 356 
  time: nov 17, 2010 08:10:02 UTC  offset=60  timeZone=GMT+01:00 
  errorMessage: http error response: 400  name=errSystemError

Any Ideas?

25 REPLIES
Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

How is your ASA SSM module connected? The port on the module needs to be connected to your network, and that needs to have Internet connectivity. You would need to check that the ip address/subnet assigned for your module is NATed on the ASA (if the ASA is the default gateway to the Internet), and if you have any access-list that would also need to allow the traffic.

The correct auto update URL is:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl


(ie: the second and forth URL you posted earlier).

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Hi!. The module is connected and has network connectivity. They have an external NTP server configured and this is working fine. On the ASA has a rule to allow http/https/ntp conectivity and the ASA reflects connections, also Global Correlation is working OK (update-manifest.ironport.com) ....but ... If connected directly to the IPS via SSH and tried to ping and/or trace to any external IP network (internet) has no response

But if I sniff with Wireshark on internal and external interfaces of the ASA, I see traffic flowing between IPS and 198.133.219.25 server. Here's a snapshot of wireshark

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

What is the version of the SSM module, and also what is the current signature pack? I am assuming that your SSM module license has not expired yet.

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Product ID: ASA-SSM-20

Version: 7.0(4)E4 (650 days)

License Expiration Date: 29/08/2012

Actual Signature Version on ASA-SSM-20: S530 (updated via manual download to a PC and manual upload to ASA-SSM-20 via IME option)

Actual Signature Version Release: S531

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Well, the license has expired (expired: 29/08/2010), that is why auto update does not work anymore. You would need to purchase the subscription license to be able to update the signature pack to the latest.

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Sorry, I made a mistake typing the date

29/08/2012

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Was the auto update feature working previously?


Can you also confirm that the CCO account that you use works fine by going to www.cisco.com and try to download the signature pack manually.

Can you also check that the time on the IPS itself is correct (I understand that you sync it to an NTP server), but just want to double check if it does sync correctly and the time is correct on the IPS itself, and it's in the correct timezone, and the auto update schedule time is set to the same timezone.

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

1. No, autoupdate feature never worked .... we have tried several times, and we are trying to make it work now again.

2. CCO account if working fine, we are using it to manually download signatures from:

http://www.cisco.com/cisco/pub/software/portal/select.html?&mdfid=282671829&flowid=4417&softwareid=282549755

3. Yes, time on both IPS (we have two of them) is correct and syncronized with NTP server: 150.214.94.5  Timezone is the same on the Sensor Setup->Time configuration tab and the same is set on the Autoupdate Schedule time (GMT+1)


Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

There is currently an open issue with automatic IPS updates on some platforms.  Work is being performed internally to correct the issue.

For the current time you will need to manually apply signature updates.

Scott

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Ok. If you/they need something, like Wireshark Captures, or run some test or something else, please let me known.

Thank you all!!!!!

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Scott Fringer

Is there a problem with the website or the platform ?

Are appliances 42xx affected ?

My 4260 is showing the same symptoms, my auto update was working before. While my 4260 isn't working my MARS is flying on the updates.

I'd posted on this:

https://supportforums.cisco.com/message/3228033#3228033

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Rodrigo;

  The issue is affecting specific platforms (the 4200 series appliances are affected).

  Efforts are still underway to correct the issue.  Until that time you can manually update the IPS signatures, or await word that the issue has been addressed.

Scott

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Is there a Bug ID?

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Rodrigo;

  There is a not a bug ID as the issue is not with the IPS software/hardware itself.  The IPS software is functioning as designed.

Scott

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Is the problem on the web platform ?

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Rodrigo;

  I cannot speak directly to the exact cause of the issue as it is being addressed by the business unit; but they have confirmed it is not a functional defect in the IPS software.

Scott

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Scott,

Do you have a list of devices that are affected? Are the ASA-SSM-10 and ASA-SSC-AIP-5 affected?

Pascal

Cisco Employee

Re: No AutoUpdate feature working on ASA-SSM-20

Pascal;

  At this time there is not a definitive list of the affected platforms.

Scott

Re: No AutoUpdate feature working on ASA-SSM-20

Hello all,

This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.

Thank you,

Blayne Dreier

Cisco TAC Escalation Team

**Please check out our Podcasts**

TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

I am experiencing a similar issue currently with a new SSC-5 module.  I am working with TAC, however reposne has been slow.  I can see traffic with Wireshark for 198.133.219.25 but I never see the traffic for 198.133.219.243 that I was told to allow on the firewall.  I also found it confusing that I need to create exceptions on the firewall for outbound traffic to these two IP addresses when I do not have to make any exceptions for any other outbound traffic.


Here is what I see:


IPS_Sensor# show stat host


Auto Update Statistics

   lastDirectoryReadAttempt = 09:03:09 GMT-06:00 Wed Jan 19 2011

    =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

    =   Error: AutoUpdate exception: HTTP connection failed [1,110]

   lastDownloadAttempt = N/A

   lastInstallAttempt = N/A

   nextAttempt = 11:00:00 GMT-06:00 Wed Jan 19 2011 Auxilliary Processors Installed

IPS_Sensor# show clock

.09:24:05 GMT-06:00 Wed Jan 19 2011

I know this thread is a few months old, but am hoping to spark an interest here.


Thanks.

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

I had a simular issue on a 4240, could never see the traffic for 198.133.219.243, had firewall open etc.

What fixed it for me was at my firewall, going from a static NAT rule for the appliance to a dynamic rule for inside network to outside interface.

New Member

Re: No AutoUpdate feature working on ASA-SSM-20

Our IPSs have been normally updated.


Thank you all again!

New Member

No AutoUpdate feature working on ASA-SSM-20

Hi

I had same issue on ASA-SSM-10, IPS version 7.0(6)E4.

Auto Update is working now with default URL https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

Thank you,

Vladimir

New Member

No AutoUpdate feature working on ASA-SSM-20

Vladimir is that SSM-10 still working fine using Auto Update?

New Member

No AutoUpdate feature working on ASA-SSM-20

Yes it is.

7396
Views
20
Helpful
25
Replies
CreatePlease login to create content