NPT_2
Explorer

IDSM-2 Signature Updates from Cisco.com URL?

The IDSM-2 IPS Sensor in my 6509 switch was not auto updating from version 6.1(1)E3 S297, so I manually updated it to 7.0(2)E4 S480.  Unfortunately it still won't auto update from cisco.com and I think the URL it is using is not correct.  My IDSM-2 configuration has the URL of:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

Is there a more current URL I should be using?

Jim

1 ACCEPTED SOLUTION

Accepted Solutions
Scott Fringer
Cisco Employee

Jim;

  The URL you provided is the correct URL.

  You can see what might be occurring by reviewing the output of the command sh stat host from the CLI.  The very end of the output will display the auto-update status.

  With that output you can either post here, and time permitting we can try to work through the issue, or you can open a service request with TAC for directed assistance.

Scott


17 REPLIES
Ok, the strange thing is that last night the latest signature update installed without issue automatically.  Strange, oh well, all is working now.  Thanks for the info, if it reoccurs I'll either post again or open a TAC case.

Jim

Jim;

  Glad to hear it was successful.

  There is a known issue when the signature update is scheduled to occur on the hour boundary (i.e. 03:00) that it can fail to update frequently but not always.  Skewing the update check time off the boundary (i.e. 03:06) corrects the issue.

  Again, you can receive a quick view of a potential issue in the 'sh stat host' output.

Scott

That could have very well been the problem.  I just switched it to update offset from the exact hour.  Thanks Again.

Hi,

Auto update of signatures is not happening.

Output of sh stat host:

Auto Update Statistics

   lastDirectoryReadAttempt = 08:25:45 UTC Wed Apr 06 2011

    =   Read directory: http://www.cisco.com/cisco/software/download.html#

    =   Error: AutoUpdate exception: HTTP connection failed [1,0]

   lastDownloadAttempt = 10:00:51 UTC Wed Dec 22 2010

   lastInstallAttempt = N/A

   nextAttempt = 09:25:00 UTC Wed Apr 06 2011

Auxilliary Processors Installed

OS Version:             2.4.30-IDS-smp-bigphys
Recovery Partition Version 1.1 - 6.2(3)E4

Abhishek;

  The automatic IPS signature update process does not perform DNS lookups.  Your system is configured to use the following update URL:

http://www.cisco.com/cisco/software/download.html#

  This is invalid.

  The correct URL is:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

  This is the only valid URL; the double-forward slash (//) after the IP address is not a typographical error.

Scott

Hello Scott,

I changed the URL to https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl but the IDSM is still not updating the signature automatically.

Output of sh stat host:

Auto Update Statistics

   lastDirectoryReadAttempt = 14:43:19 GMT+05:30 Thu Apr 07 2011

    =   Read directory: http://Rn@72.163.7.55//swc/esd/04/273556262/guest/

    =   Success

   lastDownloadAttempt = 14:43:19 GMT+05:30 Thu Apr 07 2011

    =   Download: http://Rn@72.163.7.55//swc/esd/04/273556262/guest/IPS-sig-S557-req-E4.pkg

    =   Error: autoUpdate successfully selected a package (http://Rn@72.163.7.55//swc/esd/04/273556262/guest/IPS-sig-S557-req-E4.pkg) from the cisco.com locator service, however, package download failed: HTTP status : 403 -  Webcat Access denied

   lastInstallAttempt = 15:46:59 GMT+05:30 Wed Dec 22 2010

   nextAttempt = 15:41:00 GMT+05:30 Thu Apr 07 2011

Auxilliary Processors Installed

Abhishek;

  The new output indicates that the IDSM-2 is successfully connecting to the update website.

  The IDSM-2 is encountering an issue when attempting to retrieve the actual update package.  Is there a firewall, proxy server or URL filter (i.e. WebSense) between the IDSM-2 management IP address and the Internet?  If so, you will need to create an exception for the IDSM-2's management IP address so it can access the Internet without restriction.

Scott
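
Added example (not part of the original thread and not Cisco code): a small Python triage of the Auto Update Statistics block from `sh stat host`, flagging the three causes discussed above (hostname instead of IP in the URL, a 403 from a filter in the path, an on-the-hour schedule). The finding labels and the use of the `nextAttempt` minute as a proxy for the schedule are assumptions of this sketch.

```python
import re

# Constructed sample in the shape of the `sh stat host` output posted in this thread.
SAMPLE = """\
Auto Update Statistics
   lastDirectoryReadAttempt = 08:25:45 UTC Wed Apr 06 2011
    =   Read directory: http://www.cisco.com/cisco/software/download.html#
    =   Error: AutoUpdate exception: HTTP connection failed [1,0]
   lastDownloadAttempt = 10:00:51 UTC Wed Dec 22 2010
   lastInstallAttempt = N/A
   nextAttempt = 09:00:00 UTC Wed Apr 06 2011
Auxilliary Processors Installed
"""

def parse_auto_update(text):
    """Return {field: {"value": str, "details": [str]}} for the auto-update block."""
    fields, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Auto Update Statistics":
            in_block = True
        elif not in_block or not line:
            continue                      # skip other sections and blank lines
        elif line.startswith("=") and current:
            fields[current]["details"].append(line.lstrip("= \t"))
        elif "=" in line:
            current, value = (p.strip() for p in line.split("=", 1))
            fields[current] = {"value": value, "details": []}
        else:
            break                         # next section header ends the block
    return fields

def triage(fields):
    """Map the parsed block to the failure causes discussed in the thread."""
    findings = []
    for d in (d for f in fields.values() for d in f["details"]):
        m = re.match(r"Read directory: \w+://(?:[^@/]*@)?([^/:]+)", d)
        if m and not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", m.group(1)):
            findings.append("hostname-in-url")       # sensor does no DNS lookups
        if "HTTP connection failed" in d:
            findings.append("connect-failed")
        if "HTTP status : 403" in d:
            findings.append("download-blocked-403")  # proxy or URL filter in path
    nxt = fields.get("nextAttempt", {}).get("value", "")
    if re.match(r"\d\d:00:", nxt):
        findings.append("hour-boundary-schedule")    # assumption: mirrors schedule
    return findings

if __name__ == "__main__":
    print(triage(parse_auto_update(SAMPLE)))
```
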

Hello,

Any update on this issue? I see the same behavior on two IDSM-2s. I didn't see any traffic being blocked on the firewall but still opened all IP traffic from the sensors to 198.133.219.25 and there was already an exception from Websense for anything to 198.133.219.0 /24.

This behavior only started recently. A while ago they had stopped updating then started up again without any intervention. Now they've stopped again. My last update is 566.

Thanks.

Vincent