Hi, did adding the

aabdulma86 · ‎07-25-2016

Hi Guys,

I am facing an issue with IPS, where the IPS is not doing an auto update with the cisco url provided below:

https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

The Auto Update was working fine before and it only started failing around April 2016 and we didn't change anything on the setup. At first, I was having the following error:

Error: AutoUpdate exception: TLS connection failed setup

I found a Field Notice "http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64080.html" and I upgraded the software version to 7.1(11)E4.

After the upgrade, the "AutoUpdate exception: TLS connection failed setup" message was gone, but at the moment, I don't see any messages and I get the following:

Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:55:00 Fri Jul 26 2016

Can you kindly help me out with this one? What Could be the problem? I can ping the "72.163.4.161" IP from the IPS successfully and I opened all ports on the Firewall for the IPS to communicate with this IP address.

I did reload the IPS but still faced the same issue. The current version running is 7.1(11)E4.

Thanks for the help!!

Marvin Rhoads · ‎07-25-2016

Have you added the new Cisco certificates to your trusted root certificate store?

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113674-ips-automatic-signature-update-00.html#anc17

aabdulma86 · ‎07-25-2016

No I haven't added the new Cisco certificates to the trusted root certificate store.

I will try your suggestion and get back to you with the result.. Thanks for the info :)

doylepaul · ‎08-12-2016

Hi, did adding the certificate resolve the issue? I have the same problem too and I am going to schedule in time to add the certificate too.

Regards

aabdulma86 · ‎08-12-2016

It didn't solve the issue for me unfortunately. I'm still having the same problem.

If you find a solution please let us know

doylepaul · ‎11-25-2016

I was able to set updates manually via the cli

Auto Upgrade the IPS Command Line Link:

http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_system_images.html#wp1071851

Download Software

https://software.cisco.com/download/release.html?mdfid=280432811&flowid=48721&softwareid=282549755&release=S947&relind=AVAILABLE&rellifecycle=&reltype=latest

End of Service/End of Life for Signature Services for Intrusion Detection and Prevention

https://www.cisco.com/c/en/us/about/security-center/eol-ips.html

Signature versions

https://tools.cisco.com/security/center/ipshome.x

I hope this helps.

aabdulma86 · ‎07-27-2016

I added the Cisco Servers in as a "Trusted Host" but still the same problem exists :(

IPS# configure terminal
IPS(config)# tls trusted-host ip-address 72.163.4.161 port 443
Certificate MD5 fingerprint is F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
Certificate SHA1 fingerprint is 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
Certificate SHA2 fingerprint is 84:20:DF:BE:37:6F:41:4B:F4:C0:A8:1E:69:36:D2:4C:CC:03:F3:04:83:5B:86:C7:A3:91:42:FC:A7:23:A6:89
Would you like to add this to the trusted certificate table for this host?[yes]: yes
Certificate ID: 72.163.4.161 succesfully added to the TLS trusted host table.
IPS(config)# exit
IPS# sh tls trusted-hosts
72.163.4.161
IPS# ping 72.163.4.161
PING 72.163.4.161 (72.163.4.161): 56 data bytes
64 bytes from 72.163.4.161: seq=0 ttl=236 time=222.925 ms
64 bytes from 72.163.4.161: seq=1 ttl=236 time=211.928 ms
64 bytes from 72.163.4.161: seq=2 ttl=236 time=225.924 ms
64 bytes from 72.163.4.161: seq=3 ttl=236 time=188.936 ms

--- 72.163.4.161 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 188.936/212.428/225.924 ms

IPS# show statistics host
General Statistics
Last Change To Host Config (UTC) = 26-Jul-2016 11:23:44
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 44:2B:03:59:15:71
= inet addr: Bcast: Mask:
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:22308 errors:0 dropped:0 overruns:0 frame:0
= TX packets:35287 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:3142733 (2.9 MiB) TX bytes:36141800 (34.4 MiB)
NTP Statistics
status = Not Synchronized
Memory Usage
usedBytes = 1767264256
freeBytes = 202534912
Cache = 230064128
totalBytes = 1969799168
CPU Statistics
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
Usage over last 5 seconds = 2
Usage over last minute = 4
Usage over last 5 minutes = 3
Memory Statistics
Memory usage (bytes) = 1767264256
Cache = 230064128
Memory free (bytes) = 202534912
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:22:22 GMT+02:00 Wed Jul 27 2016
Auxilliary Processors Installed

aabdulma86 · ‎07-26-2016

I added the Cisco Servers in as a "Trusted Host" but still the same problem exists :(

IPS# configure terminal
IPS(config)# tls trusted-host ip-address 72.163.4.161 port 443
Certificate MD5 fingerprint is F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
Certificate SHA1 fingerprint is 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
Certificate SHA2 fingerprint is 84:20:DF:BE:37:6F:41:4B:F4:C0:A8:1E:69:36:D2:4C:CC:03:F3:04:83:5B:86:C7:A3:91:42:FC:A7:23:A6:89
Would you like to add this to the trusted certificate table for this host?[yes]: yes
Certificate ID: 72.163.4.161 succesfully added to the TLS trusted host table.
IPS(config)# exit
IPS# sh tls trusted-hosts
72.163.4.161
IPS# ping 72.163.4.161
PING 72.163.4.161 (72.163.4.161): 56 data bytes
64 bytes from 72.163.4.161: seq=0 ttl=236 time=222.925 ms
64 bytes from 72.163.4.161: seq=1 ttl=236 time=211.928 ms
64 bytes from 72.163.4.161: seq=2 ttl=236 time=225.924 ms
64 bytes from 72.163.4.161: seq=3 ttl=236 time=188.936 ms

--- 72.163.4.161 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 188.936/212.428/225.924 ms

IPS# show statistics host
General Statistics
Last Change To Host Config (UTC) = 26-Jul-2016 11:23:44
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 44:2B:03:59:15:71
= inet addr: Bcast: Mask:
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:22308 errors:0 dropped:0 overruns:0 frame:0
= TX packets:35287 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:3142733 (2.9 MiB) TX bytes:36141800 (34.4 MiB)
NTP Statistics
status = Not Synchronized
Memory Usage
usedBytes = 1767264256
freeBytes = 202534912
Cache = 230064128
totalBytes = 1969799168
CPU Statistics
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
Usage over last 5 seconds = 2
Usage over last minute = 4
Usage over last 5 minutes = 3
Memory Statistics
Memory usage (bytes) = 1767264256
Cache = 230064128
Memory free (bytes) = 202534912
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:22:22 GMT+02:00 Wed Jul 27 2016
Auxilliary Processors Installed

Cisco IPS 4240 Auto Cisco.com Update NOT working