Core issue
This error message is seen when the user tries to upgrade the software from a different account other than the Service account.
Resolution
Follow the procedures to upgrade the Sensor:
Create a Service Account If You Do Not Have One
- Log in to use the administrator account. The prompt looks like this:
sensor#
- Enter configure terminal mode:
sensor#configure terminal
- Create the service account:
sensor(config)#username privilege
service password cisco12345
Note: Only one service account can be configured.
Manually FTP to the Intrusion Detection System (IDS)
- Log in and use the service account and root. The prompt looks like this:
bash-2.05a$
- Go into this directory:
bash-2.05a$cd /usr/cids/idsRoot/var/updates
- Connect to the FTP server:
bash-2.05a$ftp
- Setup the FTP client to use a binary mode to get the file:
ftp>bi
- Check that the file is in the FTP server:
ftp>ls
This is a sample output:
227 Entering Passive Mode .
125 Data connection already open; Transfer starting.
IDS-sig-4.1-1-S55.rpm.pkg
-rwxrwxrwx 1 owner group 2127802 Oct 20 20:15
IDS-sig-4.1-1-S56.rpm.pkg
-rwxrwxrwx 1 owner group 2143144 Oct 20 20:22
IDS-sig-4.1-1-S57.rpm.pkg
226 Transfer complete.
- Retrieve the file. You can copy and paste the filename from the previous output:
ftp>get
- Close the FTP connection and quit the FTP client:
ftp>close
ftp>quit
- Check if the file is there:
bash-2.05a$ls
- Log out from the service account:
bash-2.05a$exit
Issue a Secure Copy (SCP)
- Log in and use the administrator account. The prompt looks like this:
sensor#
- Enter configure terminal mode:
sensor#configure terminal
- Create the key:
sensor(config)#ssh host-key
- Type Yes in order to accept the key.
- Apply the upgrade:
sensor(config)#upgrade scp://
User:
Server's IP Address:
Port[22]:
File name:
Password:
Warning: Executing this command will apply a signature update to the
application
partition.
Continue with upgrade? : yes
Note: For the ssh host-key, you need to modify the access list on the Sensor to permit the IP address of the Sensor.
If you get the Error: Invalid remote version string. error message, ensure that the management interface address is in the access list. If not, add it with the use of these commands:
configure terminal
service Host
networkParams
accessList ipAddress x.x.x.x netmask 255.255.255.255
Note: Make sure that you have actually placed the ips-k9-maj-5.0-1d-s149.rpm.pkg file in the /usr/cids/idsRoot/var/updates
directory on the Sensor. In order to do so, you use Winscp3, login to the Sensor service account, and drag and drop the file from your desktop to the right folder.
Note: If you have already placed the file in that directory, use this scp command instead:
Sensor(config)#upgrade scp://service_acct_user@://usr/cids/idsRoot/var/updates/upgrade_file_name.pkg
For more details, refer to the Upgrading Cisco IPS Software from 4.1 to 5.x section of Obtaining Software.