Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
729
Views
0
Helpful
3
Replies

IDSM-2 not updating 6500 ACL

Go to solution
csthomas
Level 1
Level 1

‎04-28-2008 11:11 AM - edited ‎03-10-2019 04:05 AM

I have a 6500 IDSM-2 blade which is configured to create a blocking ACL in the 6500 for a few signatures. It's been working for a couple of years but recently stopped. The IDSM detects attacks and thinks it's updating the 6500, but the 6500's ACLs are not updated and the 6500 shows no login from the IDS. I am not seeing any error msgs anywhere. When I manually insert an IP to block via the IDM client, it shows up in the sensor with no error, but the 6500 is not updated. This seems to have started about the time I installed S324 (3/26/08). The sensor is now S329. I have rebooted the IDS with no effect in behavior.

Can someone suggest what I might look at to narrow down the problem? Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee
In response to csthomas

‎04-28-2008 12:43 PM

Are you running version 6.0(4)?

There is a known problem during upgrade from earlier version to 6.0(4). The passwords for blocking on routers, firewalls, and switches, as well as the passwords for auto updates were not converted properly.

CSCso31217 encrypted passwords not decrypted after upgrade

For users who already loaded 6.0(4), to fix the porblem the user needs to re-enter these passwords.

For users still on older versions and wanting to upgrade to 6.0(4), they should instead upgrade to 6.0(4a). The 6.0(4a) will properly convert the passwords.

NOTE: Users already at 6.0(4) can Not upgrade to 6.0(4a), and will need to re-enter the passwords on the sensors.

This problem has only been seen with the 6.0(4) upgrade package when upgrading from older 5.1 and 6.0 versions.

NOTE: The System Images and Recovery Images for 6.0(4) are all fine.

So if you are running a 6.0(4) version, then that is likely where your problem originated rather than a signature update.

IF you are not running version 6.0(4), then there is a small possibility you might have discovered a new bug that Cisco is unaware of.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
csthomas
Level 1
Level 1

‎04-28-2008 12:22 PM

Found problem using IDM Show Events. Password was wrong. Don't know why sig update apparently changed it (?). Resetting pw to previous value fixed updating.

0 Helpful

Go to solution
marcabal
Cisco Employee
Cisco Employee
In response to csthomas

‎04-28-2008 12:43 PM

Are you running version 6.0(4)?

There is a known problem during upgrade from earlier version to 6.0(4). The passwords for blocking on routers, firewalls, and switches, as well as the passwords for auto updates were not converted properly.

CSCso31217 encrypted passwords not decrypted after upgrade

For users who already loaded 6.0(4), to fix the porblem the user needs to re-enter these passwords.

For users still on older versions and wanting to upgrade to 6.0(4), they should instead upgrade to 6.0(4a). The 6.0(4a) will properly convert the passwords.

NOTE: Users already at 6.0(4) can Not upgrade to 6.0(4a), and will need to re-enter the passwords on the sensors.

This problem has only been seen with the 6.0(4) upgrade package when upgrading from older 5.1 and 6.0 versions.

NOTE: The System Images and Recovery Images for 6.0(4) are all fine.

So if you are running a 6.0(4) version, then that is likely where your problem originated rather than a signature update.

IF you are not running version 6.0(4), then there is a small possibility you might have discovered a new bug that Cisco is unaware of.

0 Helpful

Go to solution
csthomas
Level 1
Level 1
In response to marcabal

‎04-28-2008 02:04 PM

Yes, I am on 6.0.4. I think I put that on right before the sig update. In any case, this sounds exactly like my problem.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card