07-25-2016 03:27 AM - edited 03-10-2019 06:39 AM
Hi Guys,
I am facing an issue with IPS, where the IPS is not doing an auto update with the Cisco URL provided below:
https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl
The Auto Update was working fine before and it only started failing around April 2016 and we didn't change anything on the setup. At first, I was having the following error:
Error: AutoUpdate exception: TLS connection failed setup
I found a Field Notice "http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64080.html" and I upgraded the software version to 7.1(11)E4.
After the upgrade, the "AutoUpdate exception: TLS connection failed setup" message was gone, but at the moment, I don't see any messages and I get the following:
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:55:00 Fri Jul 26 2016
Can you kindly help me out with this one? What could be the problem? I can ping the "72.163.4.161" IP from the IPS successfully and I opened all ports on the Firewall for the IPS to communicate with this IP address.
I did reload the IPS but still faced the same issue. The current version running is 7.1(11)E4.
Thanks for the help!!
07-25-2016 06:04 AM
Have you added the new Cisco certificates to your trusted root certificate store?
http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113674-ips-automatic-signature-update-00.html#anc17
07-25-2016 06:23 AM
No I haven't added the new Cisco certificates to the trusted root certificate store.
I will try your suggestion and get back to you with the result. Thanks for the info :)
08-12-2016 01:33 AM
Hi, did adding the certificate resolve the issue? I have the same problem too and I am going to schedule in time to add the certificate too.
Regards
08-12-2016 10:36 PM
It didn't solve the issue for me unfortunately. I'm still having the same problem.
If you find a solution, please let us know.
11-25-2016 02:57 AM
I was able to set updates manually via the CLI.
Auto Upgrade the IPS Command Line Link:
http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_system_images.html#wp1071851
Download Software
https://software.cisco.com/download/release.html?mdfid=280432811&flowid=48721&softwareid=282549755&release=S947&relind=AVAILABLE&rellifecycle=&reltype=latest
End of Service/End of Life for Signature Services for Intrusion Detection and Prevention
https://www.cisco.com/c/en/us/about/security-center/eol-ips.html
Signature versions
https://tools.cisco.com/security/center/ipshome.x
I hope this helps.
07-27-2016 08:32 PM
I added the Cisco Servers in as a "Trusted Host" but still the same problem exists :(
IPS# configure terminal
IPS(config)# tls trusted-host ip-address 72.163.4.161 port 443
Certificate MD5 fingerprint is F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
Certificate SHA1 fingerprint is 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
Certificate SHA2 fingerprint is 84:20:DF:BE:37:6F:41:4B:F4:C0:A8:1E:69:36:D2:4C:CC:03:F3:04:83:5B:86:C7:A3:91:42:FC:A7:23:A6:89
Would you like to add this to the trusted certificate table for this host?[yes]: yes
Certificate ID: 72.163.4.161 succesfully added to the TLS trusted host table.
IPS(config)# exit
IPS# sh tls trusted-hosts
72.163.4.161
IPS# ping 72.163.4.161
PING 72.163.4.161 (72.163.4.161): 56 data bytes
64 bytes from 72.163.4.161: seq=0 ttl=236 time=222.925 ms
64 bytes from 72.163.4.161: seq=1 ttl=236 time=211.928 ms
64 bytes from 72.163.4.161: seq=2 ttl=236 time=225.924 ms
64 bytes from 72.163.4.161: seq=3 ttl=236 time=188.936 ms
--- 72.163.4.161 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 188.936/212.428/225.924 ms
IPS# show statistics host
General Statistics
Last Change To Host Config (UTC) = 26-Jul-2016 11:23:44
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 44:2B:03:59:15:71
= inet addr: Bcast: Mask:
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:22308 errors:0 dropped:0 overruns:0 frame:0
= TX packets:35287 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:3142733 (2.9 MiB) TX bytes:36141800 (34.4 MiB)
NTP Statistics
status = Not Synchronized
Memory Usage
usedBytes = 1767264256
freeBytes = 202534912
Cache = 230064128
totalBytes = 1969799168
CPU Statistics
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
Usage over last 5 seconds = 2
Usage over last minute = 4
Usage over last 5 minutes = 3
Memory Statistics
Memory usage (bytes) = 1767264256
Cache = 230064128
Memory free (bytes) = 202534912
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:22:22 GMT+02:00 Wed Jul 27 2016
Auxilliary Processors Installed
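The trusted-host prompt in the post above prints the certificate fingerprints before asking for confirmation. As an added example (not part of the original post and not Cisco code), this Python code compares the printed fingerprints with digests of a reference copy of the certificate obtained over a separate path; the function names and the sample bytes are constructed for illustration, and "SHA2" is treated as SHA-256 because the prompt shows 32 bytes.

```python
import hashlib
import hmac
import re

# Labels as printed by the prompt, mapped to hashlib names (assumption: SHA2 = SHA-256).
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA2": "sha256"}
LINE = re.compile(r"Certificate (MD5|SHA1|SHA2) fingerprint is ([0-9A-Fa-f:]+)")


def parse_prompt(text):
    """Return {label: digest bytes} parsed from 'tls trusted-host' prompt output."""
    found = {}
    for label, hexstr in LINE.findall(text):
        digest = bytes.fromhex(hexstr.replace(":", ""))
        if len(digest) != hashlib.new(ALGOS[label]).digest_size:
            raise ValueError(f"{label} fingerprint has the wrong length")
        found[label] = digest
    return found


def check_prompt(text, reference_der):
    """Compare the printed fingerprints with digests of a reference certificate (DER)."""
    shown = parse_prompt(text)
    result = {}
    for label, algo in ALGOS.items():
        if label in shown:
            expected = hashlib.new(algo, reference_der).digest()
            result[label] = hmac.compare_digest(shown[label], expected)
    # Accept only when the SHA-256 line is present and every printed digest matches.
    return ("SHA2" in result and all(result.values())), result


def render_prompt(der):
    """Build prompt-style lines from DER bytes (only used for the constructed sample)."""
    lines = []
    for label, algo in ALGOS.items():
        hx = hashlib.new(algo, der).hexdigest().upper()
        pairs = ":".join(hx[i:i + 2] for i in range(0, len(hx), 2))
        lines.append(f"Certificate {label} fingerprint is {pairs}")
    return "\n".join(lines)


# Constructed stand-ins, not a real certificate.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
OTHER_DER = b"constructed stand-in for a different certificate"

if __name__ == "__main__":
    print(check_prompt(render_prompt(SAMPLE_DER), SAMPLE_DER))  # matching copy
    print(check_prompt(render_prompt(SAMPLE_DER), OTHER_DER))   # mismatching copy
```

Answer "yes" at the prompt only when the check accepts; a mismatch means the sensor reached a different certificate than the reference copy.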