https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564654#M66570 <HTML><HEAD></HEAD><BODY><P><SPAN>Error: autoUpdate successfully selected a package (</SPAN><A class="jive-link-external-small" href="http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg">http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg</A><SPAN>) from the cisco.com locator service, however, package download failed: HTTP connection failed</SPAN></P><P></P><P>I only had https allowed, I have allowed http also now.. should this fix it?</P><P></P><P>Also all my IPS's are 10.x.1.10 (with x being the subnet).. can you write an ACL in the format:</P><P></P><P>access-list inside_in permit ip 10.0.1.10 255.0.255.255 any</P><P></P><P>Thanks in advance</P></BODY></HTML> Wed, 08 Sep 2010 14:07:50 GMT networker99 2010-09-08T14:07:50Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564652#M66567 <P>I have configured the internal IDSM cards for auto update, and I see hits against our firewall ACL for this traffic but the update seems out of date on the IPS.. can anyone tell me how to troubleshoot this?</P><P></P><P>many thanks</P> Sun, 10 Mar 2019 12:07:17 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564652#M66567 networker99 2019-03-10T12:07:17Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564653#M66569 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>On the IDSM, can enter the command "show statistics host" and it should tell you all details regarding auto-update and the reason for failure as well. Please paste the entire output over here and we can have a look.</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Wed, 08 Sep 2010 13:39:04 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564653#M66569 praprama 2010-09-08T13:39:04Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564654#M66570 <HTML><HEAD></HEAD><BODY><P><SPAN>Error: autoUpdate successfully selected a package (</SPAN><A class="jive-link-external-small" href="http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg">http://myaccount@198.133.219.243//swc/esd/04/273556262/contract/IPS-sig-S511-req-E4.pkg</A><SPAN>) from the cisco.com locator service, however, package download failed: HTTP connection failed</SPAN></P><P></P><P>I only had https allowed, I have allowed http also now.. should this fix it?</P><P></P><P>Also all my IPS's are 10.x.1.10 (with x being the subnet).. can you write an ACL in the format:</P><P></P><P>access-list inside_in permit ip 10.0.1.10 255.0.255.255 any</P><P></P><P>Thanks in advance</P></BODY></HTML> Wed, 08 Sep 2010 14:07:50 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564654#M66570 networker99 2010-09-08T14:07:50Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564655#M66572 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes once you have HTTP also allowed, you should see auto update working.</P><P></P><P>The way you have configured the ACL is interesting <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> and i dont see any reason why it should not work. Lets wait for the next auto-update attempt by the IPS and see what happens. let me know how it goes!!</P><P></P><P>regards,</P><P>prapanch</P></BODY></HTML> Thu, 09 Sep 2010 03:42:57 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564655#M66572 praprama 2010-09-09T03:42:57Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564656#M66574 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Was wondering if you managed to get the Auto Update working. If so, please do mark this thread as Answered.</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Fri, 17 Sep 2010 08:07:14 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564656#M66574 praprama 2010-09-17T08:07:14Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564657#M66576 <HTML><HEAD></HEAD><BODY><P>Well, yes and no.&nbsp; Enabling http did not solve the issue, but if I permit ip they update.. so I am not quite sure what other ports are needed.&nbsp; I will have to create a packet capture to find out.</P></BODY></HTML> Fri, 17 Sep 2010 12:23:44 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564657#M66576 networker99 2010-09-17T12:23:44Z https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564658#M66578 <HTML><HEAD></HEAD><BODY><P>Hmmm. That's interesting. What did the access-list look like when you ocnfigured it to allow HTTP alone? The captures will certainly help.</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Fri, 17 Sep 2010 15:19:25 GMT https://community.cisco.com/t5/network-security/ips-auto-update/m-p/1564658#M66578 praprama 2010-09-17T15:19:25Z