Router 2911 15.3(3)M1 IOS IPS Auto-update not working

Andrzej Paszko · ‎10-24-2013

Hi,

I have a problem with auto-update. My configuration:

ida-client server url https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl

ip ips config location flash:ips retries 1

ip ips notify SDEE

ip ips name myips

!

ip ips signature-category

category all

retired true

category ios_ips advanced

retired false

!

ip ips auto-update

occur-at weekly 0-6 52 0-23

cisco

username xxxxxxxxx password xxxxxxxxx

ip sdee messages 500

ip sdee alerts 2000

crypto pki certificate chain root

certificate ca 020000B9

30820377 3082025F A0030201 02020402 0000B930 0D06092A 864886F7 0D010105

0500305A 310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74

696D6F72 65311330 11060355 040B130A 43796265 72547275 73743122 30200603

55040313 1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F74301E

170D3030 30353132 31383436 30305A17 0D323530 35313232 33353930 305A305A

310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74 696D6F72

65311330 11060355 040B130A 43796265 72547275 73743122 30200603 55040313

1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F743082 0122300D

06092A86 4886F70D 01010105 00038201 0F003082 010A0282 010100A3 04BB22AB

983D57E8 26729AB5 79D429E2 E1E89580 B1B0E35B 8E2B299A 64DFA15D EDB00905

6DDB282E CE62A262 FEB488DA 12EB38EB 219DC041 2B01527B 8877D31C 8FC7BAB9

88B56A09 E773E811 40A7D1CC CA628D2D E58F0BA6 50D2A850 C328EAF5 AB25878A

9A961CA9 67B83F0C D5F7F952 132FC21B D57070F0 8FC012CA 06CB9AE1 D9CA337A

77D6F8EC B9F16844 424813D2 C0C2A4AE 5E60FEB6 A605FCB4 DD075902 D4591898

63F5A563 E0900C7D 5DB2067A F385EAEB D403AE5E 843E5FFF 15ED69BC F9393672

75CF7752 4DF3C990 2CB93DE5 C923533F 1F249821 5C079929 BDC63AEC E76E863A

6B977463 33BD6818 31F0788D 76BFFC9E 8E5D2A86 A74D90DC 271A3902 03010001

A3453043 301D0603 551D0E04 160414E5 9D593082 4758CCAC FA085436 867B3AB5

044DF030 12060355 1D130101 FF040830 060101FF 02010330 0E060355 1D0F0101

FF040403 02010630 0D06092A 864886F7 0D010105 05000382 01010085 0C5D8EE4

6F516842 05A0DDBB 4F272584 03BDF764 FD2DD730 E3A41017 EBDA2929 B6793F76

F6191323 B8100AF9 58A4D461 70BD0461 6A128A17 D50ABDC5 BC307CD6 E90C258D

86404FEC CCA37E38 C637114F EDDD6831 8E4CD2B3 0174EEBE 755E0748 1A7F70FF

165C84C0 7985B805 FD7FBE65 11A30FC0 02B4F852 373904D5 A9317A18 BFA02AF4

1299F7A3 4582E33C 5EF59D9E B5C89E7C 2EC8A49E 4E08144B 6DFD706D 6B1A63BD

64E61FB7 CEF0F29F 2EBB1BB7 F2508873 92C2E2E3 168D9A32 02AB8E18 DDE91011

EE7E35AB 90AF3E30 947AD033 3DA7650F F5FC8E9E 62CF4744 2C015DBB 1DB532D2

47D2382E D0FE81DC 326A1EB5 EE3CD5FC E7811D19 C32442EA 6339A9

quit

crypto pki certificate chain sub

certificate ca 0727370C

3082041B 30820303 A0030201 02020407 27370C30 0D06092A 864886F7 0D010105

0500305A 310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74

696D6F72 65311330 11060355 040B130A 43796265 72547275 73743122 30200603

55040313 1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F74301E

170D3130 30393038 31373335 31365A17 0D323030 39303831 37333430 385A3046

31173015 06035504 0A130E43 79626572 74727573 7420496E 63312B30 29060355

04031322 43796265 72747275 73742050 75626C69 63205375 72655365 72766572

20535620 43413082 0122300D 06092A86 4886F70D 01010105 00038201 0F003082

010A0282 010100A3 BA998DB7 E1CD7388 F9B9DDDE F405F325 F53FC552 1E515A3F

9AFF4D84 B7507FF1 108A5D7F 64551C3B A3F3FF97 7F1C4BED 6F7FE954 EC972A42

03677FB9 C86CA297 F8409324 C3255EA5 668B86BD D7B92622 6ED26683 B378C17C

587611EB 16554732 F0B93410 BD8F26A2 2568C114 2BA273D6 663D4487 5C137F58

91623D57 7F6CAE42 E8127EBD 78F1F1AC 5C356068 45BC5373 87111DC5 2EFA6035

DA91F9DA F2556CBF CAA2575C C864BCA9 5B15A0FC 1CF3442E BD06F268 D8402DBB

B3612592 93251C77 4690BFD0 AFB783A0 3C875EA5 91A8FFC1 311BB64B AC123408

D5DBEC89 876306A7 53F8D5F5 E666AC5E 846546C9 F43A250F 6CCC0F66 B89A55A1

466CFC91 235FBD02 03010001 A381FC30 81F93012 0603551D 130101FF 04083006

0101FF02 0100304F 0603551D 20044830 46304406 092B0601 0401B13E 01323037

30350608 2B060105 05070201 16296874 74703A2F 2F637962 65727472 7573742E

6F6D6E69 726F6F74 2E636F6D 2F726570 6F736974 6F727930 0E060355 1D0F0101

FF040403 02010630 1F060355 1D230418 30168014 E59D5930 824758CC ACFA0854

36867B3A B5044DF0 30420603 551D1F04 3B303930 37A035A0 33863168 7474703A

2F2F6364 70312E70 75626C69 632D7472 7573742E 636F6D2F 43524C2F 4F6D6E69

726F6F74 32303235 2E63726C 301D0603 551D0E04 16041404 9860DF80 1B96495D

65562DA5 2C09240A ECDCB930 0D06092A 864886F7 0D010105 05000382 0101005F

DF8BCF29 79782BF3 7CF4825F 79E0E1B3 28BD0875 41CE8C88 D70E55B9 02B50579

3EBB5231 B34B1EB1 FED3A221 43D291D3 16FA6B79 E48E4D19 EC4C8668 3452B76F

C2BD9C78 BEF06F3F 3D9E9F49 74C47C97 194557AC 6FFA5A3E 3FD3D6E3 2BDC8AF8

C80A0D6B 8C3F9478 37988861 91DF5914 0F09C563 54FBF4F6 AF97ECFC 636443A6

BCCCE4E3 1FDF73B0 6EF7B5C8 299BAE25 52B8B472 E1DE9348 F1289F7E 663F3F8B

550FF816 077105D7 659CD71B 3C34E644 163ABDD8 60938383 0C889665 3340DF6A

ACFFFE94 5161BB89 3FF7ACC4 E4B347E2 FDA26A32 83E27E6F F0128EA3 66764097

FB11E1F7 731FDA8B 1C31428B 9F11C549 A560ED48 2B058415 AB2F8A2C 5172C0

quit

crypto key pubkey-chain rsa

named-key realm-cisco.pub signature

key-string

30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101

00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16

17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E

5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35

FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85

50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36

006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE

2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3

F3020301 0001

quit

debug ip ips auto-update

debug ida-client

ips signature update cisco

Translating "www.cisco.com"...domain server (194.204.152.34) [OK]

Fail to connect to cisco.com

IPS Direct Download - Retrying ...

Fail to connect to cisco.com

REMMED-Router#

Oct 24 10:58:37.711: Username and password from configuration

Oct 24 10:58:37.711: User has selected to download the latest version of SDF available.

Oct 24 10:58:37.711: IDA: SSL support present

Oct 24 10:58:37.711: IDA: HTTP register Succesful

Oct 24 10:58:37.711: IDA: XML Parser init Succesful

Oct 24 10:58:37.831: IDA: Locator request send succesful

Oct 24 10:58:39.299: IDA: HTTP enqueue response message

Oct 24 10:58:39.299: IDA: HTTP response message length: 743

Oct 24 10:58:39.299: IDA: Queue Event: Received response

Oct 24 10:58:39.299: IDA: Exception message received

Oct 24 10:58:39.299: IDA: Exception:status code:005 timestamp:2013/10/24/03:58:39 message:Invalid MDF ID helpUrl:

Oct 24 10:58:39.299: IDA: Exception: Invalid MDF ID

Oct 24 10:58:39.299: IDA: Exception in response

Oct 24 10:58:39.299: IDA: HTTP unregister successful

Oct 24 10:58:39.299: IDA: XML Parser destroy successful

Oct 24 10:58:39.299: IPS Auto Update: ida_connect() failed.

Oct 24 10:58:39.299: IPS Auto-update: Request for download failed!

Oct 24 10:58:39.299: IDA: SSL support present

Oct 24 10:58:39.303: IDA: HTTP session not established

Oct 24 10:58:39.303: IDA: HTTP register Failed

Oct 24 10:58:39.303: IPS Auto Update: ida_connect() failed.

Oct 24 10:58:39.303: IPS Auto-update: Request for download failed!

Could you help me out?

Julio Carvajal · ‎10-24-2013

IOS IPS auto-update is no longer available:

I will try to have the bug ID for you,

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

JonPBerbee · ‎10-24-2013

Hmm, interesting. Does that mean we have to manually update signatures on IOS IPS?

Jon Peckham.

rahgovin · ‎10-28-2013

IOS IPS auto update from cisco.com is disabled as of now. You may want to check this for more info:

http://tools.cisco.com/security/center/viewBulletin.x?bId=566&year=2013