10-27-2011 01:42 AM - edited 03-10-2019 05:31 AM
Hopefully someone will be able to help me, I am unable to get the IPS signature autoupdate working on our ASA 5510. We have a valid support contract, our username does not incude and special characters and I am able to download the signature files from the website using our CCO.
When trying to get them via Auto/cisco.com update though I get the following in the event logs every update attempt:
evError: eventId=1319467413849005289 vendor=Cisco severity=error
originator:
hostId: xxxx
appName: mainApp
appInstanceId: 354
time: Oct 26, 2011 11:40:01 UTC offset=60 timeZone=GMT00:00
errorMessage: AutoUpdate exception: HTTP connection failed [1,111] name=errSystemError
I have included a "show conf" and a "show stat host" below.
<snip>
xxxxxx# show conf
! ------------------------------
! Current configuration last modified Wed Oct 26 10:48:07 2011
! ------------------------------
! Version 7.0(6)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S604.0 2011-10-20
! ------------------------------
service interface
exit
! ------------------------------
service authentication
exit
! ------------------------------
service event-action-rules rules0
exit
! ------------------------------
service host
network-settings
host-ip 10.x.x.x/24,10.x.x.x
host-name xxxxxx
telnet-option disabled
access-list 10.x.x.x/32
access-list 10.x.x.x/16
access-list 10.x.x.x/32
dns-primary-server enabled
address 10.x.x.x
exit
dns-secondary-server disabled
dns-tertiary-server disabled
exit
time-zone-settings
offset 0
standard-time-zone-name GMT00:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 10.x.x.x
exit
summertime-option recurring
summertime-zone-name GMT00:00
start-summertime
week-of-month last
exit
end-summertime
month october
week-of-month last
exit
end-summertime
month october
week-of-month last
exit
exit
auto-upgrade
cisco-server enabled
schedule-option periodic-schedule
start-time 00:40:00
interval 1
exit
user-name xxxxxxxxxxxxxxx
cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
exit
exit
exit
! ------------------------------
service logger
exit
! ------------------------------
service network-access
exit
! ------------------------------
service notification
exit
! ------------------------------
service signature-definition sig0
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service health-monitor
exit
! ------------------------------
service global-correlation
exit
! ------------------------------
service aaa
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
<snip>
xxxxxx# show stat host
General Statistics
Last Change To Host Config (UTC) = 27-Oct-2011 08:27:10
Command Control Port Device = GigabitEthernet0/0
Network Statistics
= ge0_0 Link encap:Ethernet HWaddr 00:12:D9:48:F7:44
= inet addr:10.x.x.x Bcast:10.x.x.x.x Mask:255.255.255.0
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:470106 errors:0 dropped:0 overruns:0 frame:0
= TX packets:139322 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:40821181 (38.9 MiB) TX bytes:102615325 (97.8 MiB)
= Base address:0xbc00 Memory:f8200000-f8220000
NTP Statistics
= remote refid st t when poll reach delay offset jitter
= *time.xxxx.x 195.x.x.x 3 u 142 1024 377 1.825 -0.626 0.305
= LOCAL(0) LOCAL(0) 15 l 59 64 377 0.000 0.000 0.001
= ind assID status conf reach auth condition last_event cnt
= 1 43092 b644 yes yes none sys.peer reachable 4
= 2 43093 9044 yes yes none reject reachable 4
status = Synchronized
Memory Usage
usedBytes = 664383488
freeBytes = 368111616
totalBytes = 1032495104
Summertime Statistics
start = 03:00:00 GMT00:00 Sun Mar 27 2011
end = 01:00:00 GMT00:00 Sun Oct 30 2011
CPU Statistics
Usage over last 5 seconds = 51
Usage over last minute = 44
Usage over last 5 minutes = 50
Memory Statistics
Memory usage (bytes) = 664383488
Memory free (bytes) = 368111616
Auto Update Statistics
lastDirectoryReadAttempt = 08:40:00 GMT00:00 Thu Oct 27 2011
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: HTTP connection failed [1,111]
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 09:28:00 GMT00:00 Thu Oct 27 2011
Auxilliary Processors Installed
<snip>
Many thanks.
Solved! Go to Solution.
 
					
				
		
10-27-2011 12:24 PM
Your error message says "HTTP connection failed".
Can you sensor's management interface reach the internet via HTTP?
Do you have a proxy between the sensor and the internet?
Can you ping from the sensor to open internet IP addresses (like google.com)?
- Bob
 
					
				
		
10-27-2011 12:24 PM
Your error message says "HTTP connection failed".
Can you sensor's management interface reach the internet via HTTP?
Do you have a proxy between the sensor and the internet?
Can you ping from the sensor to open internet IP addresses (like google.com)?
- Bob
10-31-2011 09:16 AM
Hi Bob,
Thanks for the reply - it got me thinking about how it was actually getting the update.
I needed to modify an ACL and add a PAT for the sensor management IP as I've tied down the hosts that can get out.
It's now showing that it is attempting to reach the URL - currently there aren't any updates waiting though....
Many thanks.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide