cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1557
Views
0
Helpful
7
Replies

Cisco IPS 4240 Auto Cisco.com Update NOT working

aabdulma86
Level 1
Level 1

Hi Guys,

I am facing an issue with IPS, where the IPS is not doing an auto update with the cisco url provided below:

https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

The Auto Update was working fine before and it only started failing around April 2016 and we didn't change anything on the setup. At first, I was having the following error:

Error: AutoUpdate exception: TLS connection failed setup

I found a Field Notice "http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64080.html" and I upgraded the software version to 7.1(11)E4.

After the upgrade, the "AutoUpdate exception: TLS connection failed setup" message was gone, but at the moment, I don't see any messages and I get the following:

Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:55:00 Fri Jul 26 2016

Can you kindly help me out with this one? What Could be the problem? I can ping the "72.163.4.161" IP from the IPS successfully and I opened all ports on the Firewall for the IPS to communicate with this IP address.

I did reload the IPS but still faced the same issue. The current version running is 7.1(11)E4.

Thanks for the help!!

7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

Have you added the new Cisco certificates to your trusted root certificate store?

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113674-ips-automatic-signature-update-00.html#anc17

No I haven't added the new Cisco certificates to the trusted root certificate store.

I will try your suggestion and get back to you with the result.. Thanks for the info :)

Hi, did adding the certificate resolve the issue? I have the same problem too and I am going to schedule in time to add the certificate too.

Regards

It didn't solve the issue for me unfortunately. I'm still having the same problem.

If you find a solution please let us know

I was able to set updates manually via the cli

 

Auto Upgrade the IPS Command Line Link:

http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_system_images.html#wp1071851

 

Download Software

https://software.cisco.com/download/release.html?mdfid=280432811&flowid=48721&softwareid=282549755&release=S947&relind=AVAILABLE&rellifecycle=&reltype=latest

End of Service/End of Life for Signature Services for Intrusion Detection and Prevention

https://www.cisco.com/c/en/us/about/security-center/eol-ips.html

 

Signature versions

https://tools.cisco.com/security/center/ipshome.x

 

I hope this helps.

I added the Cisco Servers in as a "Trusted Host" but still the same problem exists :(

IPS# configure terminal
IPS(config)# tls trusted-host ip-address 72.163.4.161 port 443
Certificate MD5 fingerprint is F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
Certificate SHA1 fingerprint is 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
Certificate SHA2 fingerprint is 84:20:DF:BE:37:6F:41:4B:F4:C0:A8:1E:69:36:D2:4C:CC:03:F3:04:83:5B:86:C7:A3:91:42:FC:A7:23:A6:89
Would you like to add this to the trusted certificate table for this host?[yes]: yes
Certificate ID: 72.163.4.161 succesfully added to the TLS trusted host table.
IPS(config)# exit
IPS# sh tls trusted-hosts
72.163.4.161
IPS# ping 72.163.4.161
PING 72.163.4.161 (72.163.4.161): 56 data bytes
64 bytes from 72.163.4.161: seq=0 ttl=236 time=222.925 ms
64 bytes from 72.163.4.161: seq=1 ttl=236 time=211.928 ms
64 bytes from 72.163.4.161: seq=2 ttl=236 time=225.924 ms
64 bytes from 72.163.4.161: seq=3 ttl=236 time=188.936 ms

--- 72.163.4.161 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 188.936/212.428/225.924 ms


IPS# show statistics host
General Statistics
Last Change To Host Config (UTC) = 26-Jul-2016 11:23:44
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 44:2B:03:59:15:71
= inet addr: Bcast: Mask:
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:22308 errors:0 dropped:0 overruns:0 frame:0
= TX packets:35287 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:3142733 (2.9 MiB) TX bytes:36141800 (34.4 MiB)
NTP Statistics
status = Not Synchronized
Memory Usage
usedBytes = 1767264256
freeBytes = 202534912
Cache = 230064128
totalBytes = 1969799168
CPU Statistics
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
Usage over last 5 seconds = 2
Usage over last minute = 4
Usage over last 5 minutes = 3
Memory Statistics
Memory usage (bytes) = 1767264256
Cache = 230064128
Memory free (bytes) = 202534912
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:22:22 GMT+02:00 Wed Jul 27 2016
Auxilliary Processors Installed

aabdulma86
Level 1
Level 1

I added the Cisco Servers in as a "Trusted Host" but still the same problem exists :(

IPS# configure terminal
IPS(config)# tls trusted-host ip-address 72.163.4.161 port 443
Certificate MD5 fingerprint is F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
Certificate SHA1 fingerprint is 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
Certificate SHA2 fingerprint is 84:20:DF:BE:37:6F:41:4B:F4:C0:A8:1E:69:36:D2:4C:CC:03:F3:04:83:5B:86:C7:A3:91:42:FC:A7:23:A6:89
Would you like to add this to the trusted certificate table for this host?[yes]: yes
Certificate ID: 72.163.4.161 succesfully added to the TLS trusted host table.
IPS(config)# exit
IPS# sh tls trusted-hosts
72.163.4.161
IPS# ping 72.163.4.161
PING 72.163.4.161 (72.163.4.161): 56 data bytes
64 bytes from 72.163.4.161: seq=0 ttl=236 time=222.925 ms
64 bytes from 72.163.4.161: seq=1 ttl=236 time=211.928 ms
64 bytes from 72.163.4.161: seq=2 ttl=236 time=225.924 ms
64 bytes from 72.163.4.161: seq=3 ttl=236 time=188.936 ms

--- 72.163.4.161 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 188.936/212.428/225.924 ms


IPS# show statistics host
General Statistics
Last Change To Host Config (UTC) = 26-Jul-2016 11:23:44
Command Control Port Device = Management0/0
Network Statistics
= ma0_0 Link encap:Ethernet HWaddr 44:2B:03:59:15:71
= inet addr: Bcast: Mask:
= UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
= RX packets:22308 errors:0 dropped:0 overruns:0 frame:0
= TX packets:35287 errors:0 dropped:0 overruns:0 carrier:0
= collisions:0 txqueuelen:1000
= RX bytes:3142733 (2.9 MiB) TX bytes:36141800 (34.4 MiB)
NTP Statistics
status = Not Synchronized
Memory Usage
usedBytes = 1767264256
freeBytes = 202534912
Cache = 230064128
totalBytes = 1969799168
CPU Statistics
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
Usage over last 5 seconds = 2
Usage over last minute = 4
Usage over last 5 minutes = 3
Memory Statistics
Memory usage (bytes) = 1767264256
Cache = 230064128
Memory free (bytes) = 202534912
Auto Update Statistics
lastDirectoryReadAttempt = N/A
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 13:22:22 GMT+02:00 Wed Jul 27 2016
Auxilliary Processors Installed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: