I am attempting to install the 1.3.2 maintenance partition image on a 6500 IDSM-2 blade so I can upgrade to 4.1. I have tried two different servers (which work for sig updates.) I get past the URL and pw, and receive the "continuing will update the maintenance partition to 1.3.2- OK? I reply "yes" and nothing happens for about five minutes, then:
Using the Windows 2k pro FTP server, I get the message "error; exp. timeout" on the sensor
Using a Linux HTTP server, I get the message "error: connection failed" on the sensor
The MD5 checksum on the server images matches that on CCO. I signed on with the service account and looked in .../var/updates and its subdirectories and don't see the MP file. df says I have 15 GB free, so space isn't the problem.
I don't think the problem is with the IDSM being busy. I would have to venture that maybe mainApp is seeing prompts from the FTP Server that it can't recognize or maybe your username, password, or filename in your upgrade command are misspelled.
I would be interested in seeing what the sniffing of the FTP connection shows.
I found part of the problem. My linux server is multihomed, and I used an IP not in the sensor's trusted list. When I set up the sniffer, I used the correct IP and it worked like a charm. It would be nice if the update command gave a "success" message rather than just returning. I booted off the 1.3.2 partition, and it looks fine.
The following might be of use to other customers with Linux servers: I'm using a Linux freeware HTTP server called Tiny HTTP. It's trivial to install and has nice security options (like only listening on my private network interface). And it communicates with the IDSM properly.
I'm running Redhat Linux 9.0. The stock FTP server is VSFTP (very secure FTP). The IDSM-2 does not seem to communicate properly with this server. From a sniffer, the comm proceeds OK until vsftp says "230 Login successful. Have fun." at which point the IDSM2 hangs and never sends another packet. That's why I'm using Tiny HTTP.
I have also been unsuccessful in trying to get SCP to work to a Linux server. I notice that the only servers Cisco supports seem to be Windows and Solaris. Since a growing number of customers will have Linux machines (and a decreasing number, Solaris), it would be nice to have some supported Linux options.
I still don't know why my (supported) Windows FTP server is failing, and I will have to sniff that.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :