06-17-2010 06:52 AM - edited 03-10-2019 05:01 AM
Up until the 490 signatures, my IPS module auto-updated from cisco.com. It stopped doing that after manually updating the engine and the signature files. Nothing I do will get it to auto-update. Has anyone else seen this behavior?
06-17-2010 07:10 AM
06-17-2010 07:44 AM
My IPS version is 7.0(2)E4
I just discovered what I think may be the issue. My current license on the IPS says it doesn't expire until 7/1/11 for this serial number. However, if I try to update the license from cisco.com, I get an error that says, "Failed to update license on sensor. errExpiredLicense-The new license expire date is older than the current license expire date."
Even though I can log in to cisco.com and manually download the most current signature updates, I'm wondering if, for some reason, it thinks my license is expired when the module tries to automatically update?
06-17-2010 08:08 AM
Hmm. As long as the expiration date for the license in the "show version" is showing a date in the future it should not cause an issue retrieving the signature updates. The error from cisco.com in retrieving a new license should also not be causing any issue. It's just indicating that there's a license on the sensor that has as much or more time left on it as the one being offered by cisco.com.
Can you check the URL in the auto update field and copy-paste it here? It's likely that you'll need to open a TAC case to troubleshoot this further as it will be difficult without collecting a "show tech" (which you do *not* want to post to these forums).
Best,
JT
06-17-2010 08:42 AM
https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl is the URL that I'm pointing to for updates.
06-17-2010 09:39 AM
Try replacing the URL with:
https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
The double slash is *not* a typo after the IP. It's necessary for the auto-update to work properly.
Best,
JT
06-17-2010 12:06 PM
I should have mentioned that in my last reply. Your URL was what I WAS using until it just stopped. The www.cisco.com was what I plugged in to try to get it to work. I will try your URL again and then open a TAC call if that's not successful.
Thanks for your help.
06-17-2010 12:19 PM
The IPS cannot perform DNS resolution, so the URL Justin provided is the default/expected URL.
Should the update not succeed, please provide the full output of the command sh stat host.
Scott
06-17-2010 12:45 PM
I swear to god that the URL with the IP address is what it was set to when it stopped working. At any rate, setting it back to the IP address instead of the DNS name has now corrected the problem. WTF?
06-17-2010 12:47 PM
I cannot address what may have been the problem; but when you encounter issues with the auto signature updates, checking the output of sh stat host should provide additional insight.
Scott