Solved: Re: Reg. upgrading Cisco IDS 4.0 Version to 5.0 - Page 2

ankurs2008 · ‎07-08-2008

Dear happs / marcabal

I have one of the IDS 4215 4.1(1) Version having the details as attached .I want to upgrade the same to 5.0 and then to 6.0 .Hence i will be installing the 5.0(1e)S149 major update for upgrading it to 5.0 first

The following is written in the read me file of the service package IPS-K9-maj-5.0-1e-S149.rpm.pkg

"For IDS-4215, you should also ensure that you have upgraded the BIOS to version

5.1.7 and the ROMMON to version 1.4"

Hence i have downloaded the Upgrade utility mentioned above ; however i need to know following

1) how to check the current BIOS and ROMMON Version in IDS

2) To upgrade the BIOS and ROMMON Version , can i make my dekstop (Windows XP ) as TFTP Server as we are remotely managing (LEASE LINE) the customer IDS or do i need to have a local desktop at the customers place itself (in the cisco IDS Network range only) which can be made as TFTP Server

3) Also please let me know how to see the license details in IDS 4.0 and if there is no license available then , can we still upgrade it to version 5.0 ?

marcabal · ‎10-03-2008

In the upgrade from 4.x to 5.0 the recovery partition will upgraded automatically as part of the upgrade.

The following upgrades will upgrade both the application partition and the recovery partition:

Major upgrades (first number changes: 4.x to 5.x or 5.x to 6.x)

Minor upgrades (second number changes: 5.0 to 5.1, or 6.0 to 6.1)

Service Packs (third number chanegs: 5.1(x) to 5.1(8) or 6.0(x) to 6.0(5) )

The following types of updates do Not update the recovery partition and Only upgrade the application partition:

Engine Updates ( only the E level changes: 5.1(7)E1 to 5.1(7)E2 or 6.0(4)E1 to 6.0(4)E2 )

Signature Updates (only the S level changes: 5.1(8)E2 S358 to 5.1(8)E2 S359 )

So during small updates like Engine Updates and Signature Updates the Recovery Partition will not be updated.

We do not release new Recovery Partitions for Signature Updates since they happen so often.

We Do release new Recovery Partitions that correspond to Engine Updates but it is optional to install them.

The Major, Minor, and Service Pack updates are technically all the same type of update. They are all large, and all contain a complete image. They replace/upgrade both the recovery partition and application partition. In fact they actually first install the new recovery partition, then boot to the recovery partition with special options. The special options cause the recovery partition to re-image the application partition, but then to also copy on a new configuration that resulted from a conversion of the old configuration to work with the new version.

So with these types of upgrades the recovery partition gets automatically upgraded as well so there is no additional work for the customer.

We do deliver new recovery partitions when new major, minor, and service pack upgrades are released, but customers do not need to install them.

The recovery partitions in these cases are only needed in case their recovery partition gets corrupted (which is extremely rare), or when a customer wants to load a Prior versions recovery partition inorder to "downgrade" by recovering back to the older version (the config is not converted so you would have needed to have saved a copy of the old config)

ankurs2008 · ‎10-07-2008

Dear marcabal

Thanks for the update .As of now the current version is IDS 4.1(1) S47 and recovery partition version is also same .As i will be first upgrading the sensor ROMMON/BIOS , followed by 5.0-1e , hence please let me know as to from where i can download the current recovery partition image so that if by chance the image gets corrupted , i should be able to recover sensor to the original image.

Also , please let me know if my sequence and order of upgradn procedure is correct(mentoned below) before i go for final activity

1) Upgrade BIOS and ROMMON

2) Once i have upgraded to 5.0-1e by using the file IPS-K9-maj-5.0-1e-S149.rpm.pkg , i will upgrade the sensor to 5.1(5) E1 by using the file IPS-K9-engine-E1-req-5.1-5.pkg.

3)Once it is done , i will apply IPS-K9-5.1-7-E1.pkg for 5.1(7) followed by IPS-K9-6.0-5-E2.pkg for 6.0(5) E2 .

Regards

Ankur

marcabal · ‎10-07-2008

First issue to be aware of is that the "recovery partition" can not be used to downgrade from 5.x or 6.x Back to a 4.x version.

This is because of major differences in how partitions are handled.

The "recovery partition" can be used for downgrading from 5.x or 6.x versions back to an earlier 5.x version, or from a 6.x version to an earlier 6.x version.

As for your upgrade procedure here should be your steps:

1) Upgrade BIOS and ROMMON

2) Install IPS-K9-maj-5.0-1e-S149.rpm.pkg

3) Install IPS-K9-6.0-5-E2.pkg

There is no reason to install any other 5.0 or 5.1 updates. You can go straight from 5.0 to 6.0(5)E2.

If for some reason you feel you really want to install these in between 5.1 versions, then instead of IPS-K9-engine-E1-req-5.1-5.pkg you need to instead install IPS-K9-5.1-5-E1.pkg. The "engine" file is only used if you were already at 5.1(5) and just wanted to add the E1.

ankurs2008 · ‎10-08-2008

Dear marcabal

Thanks for the inputs provided . I want to ask you if i should take a TFTP image backup of the sensor as there is no recovery partition image to go back to for version 4.0 (in case the sensor fails to upgrade to 5.0)

Please let me know if it is possible to take a tftp image backup for the sensor .If yes , how can i achieve that .If sensor upgrade fails can i revert back to the old version with the image backup ?

Regards

Ankur

marcabal · ‎10-08-2008

If I remember right you are using an IDS-4215.

If you need to get back to 4.1 you would need to install a System Image through ROMMON.

The System Image for 4.1(4) for the IDS-4215 is available here:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids4-app-recovr

IDS-4215-K9-sys-4.1-4-S91a.img

You will need to save off your 4.1 configuration before upgrading to 5.0.

If you need to get back to 4.1, then you would load the 4.1(4) System Image file, install any other updates you need, and then re-apply your 4.1 configuration.

ankurs2008 · ‎10-08-2008

Hi marcabal

Thanks a ton ! However i could not download the file as it was giving a particular error (attached) while doing so .Please try using your CCO Login and let me know if ur facing the same issue

Ankur

marcabal · ‎10-08-2008

I see the same error.

You will need to contact the TAC (Cisco help desk) to see if they can get someone to look into the issue.

ankurs2008 · ‎10-08-2008

Hi marcabal

I do have CCO Login ; however i donot have the privileges to log a ticket with TAC .Is there any other alternative to providethem the feedback for the same

Ankur

ankurs2008 · ‎10-09-2008

hi marcabal

I just want to know if the IDS is rebooted whether the traffic will pass through (keep on going uninterrupted) just like it happens in IPS?

Note : Management interface is connected to a switch which inturn connected to user LAN ; Monitoring interface connected to a hub which inturn connected to router and firewalls

Ankur

marcabal · ‎10-10-2008

When operatining in promiscuous mode the sensor is receiving Copies of the packets.

Anythin done to the sensor will only affect the Copies of the packets. The original packets should continue to pass just fine through your network.

(In your case you can consider it as the hub copying the packets to the sensor).

Only in inline mode are the original packets passed through the sensor. And in inline mode, yes, the network traffic will be affected. You can design in alternate routes/paths into your network (like a second sensor) in order to ensure packets continue passing through your network when a sensor goes down.

Version 4.x only supported promiscuous mode. So upgrading from 4.x to 5.x to 6.x should not affect your network.