I have been bounced around between Cisco and Linksys for months….
I have two simple questions… One I know the answer on… the second, I haven’t a clue…
I have corresponded with 12-15 people at Linksys, and Cisco…
Their last answer is I should contact you…. So… Here goes…. The 16th person I’m requesting this information from….. (I can’t believe that Linksys/Cisco can’t answer these simple questions!)
Seeing that I've been checking for new firmware and IPS downloads from the Cisco site for months now, and not seeing any new downloads......
And Seeing that I'm getting nagging emails that my IPS Signature is too old, Please Update it!!!!
And Seeing that I'm still getting emails that I don't understand from the RVS 4000: -IPSEC EVENT: KLIPS device ipsec0 shut down
and I can't seem to understand How or Why it is happening, and have read manual cover to cover, and all the FAQ's, and can't upgrade it because there is no current software......
I sent the following email to firstname.lastname@example.org :
Hello. Have an RVS4000 Router, being used as a Gateway...
I have emails enabled, so that I'll be informed whenever there is greater than a set level of threats.... However...
If I check the logs, there are no threats... Yet....
I keep getting the following emails:
Your Signature Version is beyond 143 days. Please Update it!
I've also been getting the following emails:
-IPSEC EVENT: KLIPS device ipsec0 shut down
I'm using V1.40 IPS signature, and V1.2.11 firmware....
Yet I keep getting these emails...
I can't update the IPS Signature Version if you don't provide it!!! And you aren't!
Secondly, WHAT THE HECK DOES: "-IPSEC EVENT: KLIPS device ipsec0 shut down" MEAN????
May I suggest that the next version of firmware have options to disable the IPS "Nags" if you are not planning on writing any more code?
And, What the Heck does: "-IPSEC EVENT: KLIPS device ipsec0 shut down" mean?
And in case you don't believe that I haven't tried for a long while to get an answer to this.....
Please visit this link: http://www.dslreports.com/forum/r22733060-RVS-4000-Support-email-to-Cisco
This is only the last half of the communications I've had with Cicso/Linksys on this..
The last information I received was to log in here, and another user would respond to my questions with suggestions....
So, here I am.... With the same two questions I've had for months, after being ignored multiple times by both Linksys and Cisco... Yeah, my attitude stinks right now.... do you fault me for that?
I can address the one question.
We do have new signature file for RVS4000, it’s under testing , we should be able to post as soon as it is approved.
The other issue I am not aware of and have not seen, but you can call the Small Business Support COmmunity on 1-866-606-1866 and open a case.
Field Channel Sales team
Thank you, Steve.... Obviously, I knew it would take something like this to fix the "Please Update IPS" emails...
Maybe on next firmware you can make this message an option... ??
Other than these two emails, system is working fine.
RVS4000 Being used as Gateway, not Router. with Wan being 10.x.x.x and Lan being 192.x.x.x Router is BEFSX41
Blocking all but skype
Mix of Gigabit and 100Mb connections
No IP, Mac, or time blocks.
Emails set to send email after 3 threats. Both Incoming and Outgoing logs are empty. I've checked logs prior to and after
this email, and always found them empty.
at another forum, I posted asking what -IPSEC EVENT: KLIPS device ipsec0 shut down ---means
and someone found reference to this being a 'VPN related command' for Linux kernel 2.4
Again, I don't know Linux, nor am I using VPN in either RVS4000 or BEFSX41 (both are locked off).
Email just received from RVS4000:
Aug 14 23:02:31 - IPSEC EVENT: KLIPS device ipsec0 shut down.
At that time, no computers were on. We were in bed...
I've received these emails with, and without computers being on.
While we are waiting for a new IPS sign. file, can you try reinstalling the existing signature file? It will be the same version you already have. This is a test to see if the message will stop (it may).
Will reloading V1.40 IPS fix this email?
Aug 17 21:03:16 - IPSEC EVENT: KLIPS device ipsec0 shut down.
or are you thinking it will reset the timer on the:
Your Signature Version is beyond 186 days. Please Update it! Email?
Thanks for the feedback. I also checked with the Product Engineering and test team and they told me that message you see is a message from the underlying Kernel that the VPN session was restarted. This could be due to any interruption of service on the WAN.
I've let a few days go by since the last answer..... To see if anyone would post answers to my origional questions.... and now it begs to be asked again...
My first post contained questions still un-answered....
Why is there not a software switch to turn off nag emails about IPS signature date?
Why is cryptic email messages being sent at all, seeing that I've told the system NOT to email me until there is 3 or more simultaneous threats?
Seeing that both incoming and outgoing logs are EMPTY, Why am I getting emails at all?
Why is it that it took MONTHS and MONTHS of Emailing Linksys, Cisco, and now Cisco Small Business the above question, and instead of answering the questions, everybody seems content with just suggesting I contact someone else?
Yes, I could reload existing IPS file, and that may shut up the emails....But: WHY SHOULD I HAVE TO DO THIS?
I'm still patiently awaiting an updated IPS file..... WHEN will it be released?
And Finally, When will new Firmware be released for the RVS4000 that will contain software swtiches to turn off "Nag" emails?
It's been a month since I've been told that a new IPS file for the RVS4000 was "immanent"
Is it "Immanent" YET?????
Yes common Cisco/Linksys this is starting to be a joke, when will the IPS update file be released?
I have been patiently watching this thread the website IPS file section for an update for some time and it's now beyond frustrating :(
This product is supposed to be for small business and my client is starting to question why I recommended this product.
If you can't provide a regular signature file then at least offer a service for this or don't bother selling the product with a IPS feature/function.
Can you advise if this file is going to be released on a regular basis so I can inform my client and put his mind to rest?
If you customers are really concerned or serious about security, one service that was introduced to allow you as a VAR to make some more money off the RVS4000 was the resale of the protectlink functionality. This is something that you can manage for your customers. Check out the URL below and the functionality of using protectlink within the RVS4000.
Hope you find this interesting.
Actually, it sounds like you are passing the buck to someone else...
Please note, it took MONTHS to get a simple answer from anyone, and the answer I received wasn't an answer at all, but a side-step of the entire issue.
One of the side-steps was a promise of a new IPS file... Where is it?
Second answer didn't tell me how to get the emails to stop, or idicate how I could mask them... just explained that a service that I don't even USE, (VPN)
was causing it!
Come on! How about some support!
I see that V220.127.116.11 Firmware has been Posted!!!
I'm printing out information on it, and looking at my notes, and printouts from prior (1.2.11) settings.... so that I can do a smooth upgrade, when the time comes...
I've not found any information indicating that V1.40 IPS file should be used with the new V18.104.22.168 firmware.....
Would someone please confirm this, or suggest to wait for updated IPS file?
Nice Job Cisco and it works great... now just the IPS file and it's happy times again :)
My client is not interested in the Trend Additional subscription at this stage, he has not been happy with the lack of attention to the basic unit and is still considering using another product. He will need to spend more on another product, however it may equal out if he has to pay for the Trend component.
Here is a link to the IPS signature and firmware.
They are independent of each other, meaning just because you update one does not mean you must update the other. There is not currently a way to turn off the notification emails that are sent when your IPS signature is too old. The trend subscription is designed to help you filter (by web address) the locations your users can go, and it can also filter your email. The administration guide for the product (88 pages/7MB in size) explains each of these features and how to activate them.
As you can see when you download the IPS signature, it was released back in February of this year. I understand how difficult it can sometimes be to navigate the Cisco site as there are multiple ways to find the same information. I hope this helps.
The IPS signature is the same one, not new..... V1.40
I'm all set to upgrade to the new V22.214.171.124 Until I heard on DSLReports that V126.96.36.199 is not compatable with Firefox V3.5
I need Firefox for my beta work...
Can you please confirm or deny that this firmware works with Firefox V3.5, Please?
When you hear that it is not compatible with Firefox, what that really means is when you open the web interface of the router you should use internet explorer. The web pages display differently in browsers other than IE. I have even heard bug reports about the url filtering only working when the users are using IE. Meaning when the users open Firefox they can get to web sites they were not able to get to in IE.
Generally, we recommend using IE for configuring your router. Firefox will work with our devices but they were built to be compatible with the masses and it has only been the past year or two that Firefox and other browsers have made a run on windows machines. Actually it was only recently that Microsoft even acknowledged that Linux was actually a competitor of theirs.
When performing your upgrade, I recommend exporting the current configuration. Then perform the upgrade to the firmware. Once the firmware has upgraded successfully, reset the unit back to factory defaults (via the button on the unit/ hold for 30 seconds) and then MANUALLY reconfigure the unit. I have experienced issues importing old configs when moving to a new firmware. Sometimes with firmware upgrades they change the location (file tree) of some items which causes problems importing an old config.
Thanks for the post and info Bill, however I think Jan and I already know the IPS signature file is downloaded from another link and not with the firmware.
What we are saying is that it's not very acceptable to have an IPS signature with a date of Feb 2009 and it's now Sep 2009 and in addition to this the unit itself is complaining about the lack of updates.
It would be good if Cisco could release these on a regular basis and even better if the unit itself could download and apply the signature like most other firewall/IPS devices on the market.
Jan I actually used FF 3.5 just before to manage the device with no problems.
I can definitley appreciate the idea of automatic updates! I also don't see why this has not been something we have tried to take adavantage of (maybe a hardware limitation?). I do know that any time a company designs software it has to go through a legal process and be approved to be released. Often times that is the hold up on our firmware and such (quick vpn client, IPS signatures, etc..). It is good to hear that you were able to successfully use FF 3.5, I will pass this on to the rest of my team.
If it's just Config that FF isn't working with, I can certainly live with that... Usually I configure the router off-line,replacing it with a BEFSX41 set for same settings... and once configured offline, swap it back into the location where it will be used....
I understand configuring manually, as I ran into issues with the SX41 not remembering exported settings after upgrade... So that has always been my operation here.
In the convoluted bunch of emails that went on for 3-4 months prior to me finding this location.... One of the emails indicated a month or more ago that a New IPS for the RVS4000 was in final test, and would be released "Real Soon Now".... That same person was un-aware of new firmware being evident....
Is a New IPS signature file forthcoming, and Should we wait for it prior to the V188.8.131.52 upgrade?
I would go ahead and back up your configs and do the upgrade, then factory reset the router and reload the firmware and signature files.
The IPS update was released last week to the following link. They also posted the newest firmware at the same time. I have had this firmware and signature installed since the day of release with no problems.
I hope this fixes any issues or questions for you
Have a great day
1.4 is the newest IPS for the RVS4000, it went from 1.3 to 1.4
Are you having problems with ver 1.4. If so what is your case # at the SBSC so I can escalate the issue if needed
In your post before you are saying that the IPS update was released last week with the firmware, however the version on the website that I see is Version 1.4 dated 3rd February 2009 as listed below.
I don't understand, is it that the file was updated but not posted to the site or has the release date text not been updated?
I was going to post the same thing... A month ago, during one if the emails that led me here, I was informed that a new IPS was in "Final Test"..
Is there an impending new IPS?
I will have to contact the PE for the RVS4000, we currently do not have any pending IPS update that I have been told about.
I will post when I get the feedback from the engineering group
Have a great day :)