Solved: Cisco IPS

yong khang NG · ‎07-22-2013

Hi all,

Take over some maitainence job on IPS and gosh, i need some help !

ASA5510-AIP10-K9 with license expire for a year. Engine still working well but no signature update.

Question 1

What is the SKU for renewal license? can please paste the related URL here?

Question 2

The IPS engine is version 7.0(6)E4. Intend to upradge to version 7.0(8)E4.

What is the propper upgrade path? Should i start from 7.0(7)E4, then following by 7.0(8)E4

or 7.0(8)E4 patches is cumulative, therefore only need to apply the latest version?

Question 3

This is the snipet of "show version" capture:

Using 675745792 out of 1032495104 bytes of available memory (65% usage)

system is using 17.4M out of 38.5M bytes of available disk space (45% usage)

application-data is using 48.4M out of 166.6M bytes of available disk space (31% usage)

boot is using 45.6M out of 68.5M bytes of available disk space (70% usage)

application-log is using 123.5M out of 513.0M bytes of available disk space (24% usage)

Will the engine system upgrade cause the IPS running out of space? i concern on the second statement.

Million thanks to all

Noel

Marvin Rhoads · ‎07-22-2013

1. As described in this document, you need to have the IPS services support for your ASA - that is a service contract that includes both the ASA hardware and software SMARTnet as well as IPS signature and software updates. the most commonly ordered support is "AR NBD" (Advance Replacement Next Business Day) and would be Cisco SKU CON-SU1-AS1A10K9.

2. I believe 7.1(7)E4 is the current release. You can upgrade to that (or to 7.0(8)E4) directly from your current version. Please refer to the readme.

3. Your available space should be fine.

View solution in original post

Marvin Rhoads · ‎07-22-2013

1. As described in this document, you need to have the IPS services support for your ASA - that is a service contract that includes both the ASA hardware and software SMARTnet as well as IPS signature and software updates. the most commonly ordered support is "AR NBD" (Advance Replacement Next Business Day) and would be Cisco SKU CON-SU1-AS1A10K9.

2. I believe 7.1(7)E4 is the current release. You can upgrade to that (or to 7.0(8)E4) directly from your current version. Please refer to the readme.

3. Your available space should be fine.

yong khang NG · ‎07-23-2013

Hi Marvin,

Thanks for the reply, it's really helpful.

But for question 2, to update the system engine to 7.1(7)E4, according to the readme guide it needed the appliance at at least running on 7.1(1)E4. But Cisco download only have 7.1(6)E4 and 7.1(7)E4 avaiable to download.

So i presume 7.1 is loaded to the new batch of IPS (may be only support ASA 55x5 firewall)

Anyway, thanks for the replies.

Noel

Marvin Rhoads · ‎07-23-2013

You're welcome.

The readme does say:

To install the IPS-SSM_10-K9-7.1-7-E4.pkg, IPS-SSM_20-K9-7.1-7-E4.pkg,

or IPS-SSM_40-K9-7.1-7-E4.pkg service pack version upgrade file on
SSM platforms, you must be running IPS version 6.0(6) or later on
your sensor.

You have the SSM platform.