cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9473
Views
20
Helpful
25
Replies

No AutoUpdate feature working on ASA-SSM-20

ConfederacionHJ
Level 1
Level 1

Hi!

Autoupdate feature is not working on ASA-SSM-20 module.

We have configure:

https://www.cisco.com//cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl

And/Or:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

We get this errors on the ASA-SSM-20 module:

evError: eventId=1280563964539644086  vendor=Cisco  severity=error 
  originator:  
    hostId: sensor1 
    appName: mainApp 
    appInstanceId: 356 
  time: nov 17, 2010 08:15:45 UTC  offset=60  timeZone=GMT+01:00 
  errorMessage: AutoUpdate exception: Receive HTTP response failed [3,212]  name=errSystemError

evError: eventId=1280563964539644079  vendor=Cisco  severity=error 
  originator:  
    hostId: sensor1 
    appName: mainApp 
    appInstanceId: 356 
  time: nov 17, 2010 08:10:02 UTC  offset=60  timeZone=GMT+01:00 
  errorMessage: http error response: 400  name=errSystemError

Any Ideas?

25 Replies 25

Is the problem on the web platform ?

Rodrigo;

  I cannot speak directly to the exact cause of the issue as it is being addressed by the business unit; but they have confirmed it is not a functional defect in the IPS software.

Scott

Scott,

Do you have a list of devices that are affected? Are the ASA-SSM-10 and ASA-SSC-AIP-5 affected?

Pascal

Pascal;

  At this time there is not a definitive list of the affected platforms.

Scott

Hello all,

This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.

Thank you,

Blayne Dreier

Cisco TAC Escalation Team

**Please check out our Podcasts**

TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series

I am experiencing a similar issue currently with a new SSC-5 module.  I am working with TAC, however reposne has been slow.  I can see traffic with Wireshark for 198.133.219.25 but I never see the traffic for 198.133.219.243 that I was told to allow on the firewall.  I also found it confusing that I need to create exceptions on the firewall for outbound traffic to these two IP addresses when I do not have to make any exceptions for any other outbound traffic.


Here is what I see:


IPS_Sensor# show stat host


Auto Update Statistics

   lastDirectoryReadAttempt = 09:03:09 GMT-06:00 Wed Jan 19 2011

    =   Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

    =   Error: AutoUpdate exception: HTTP connection failed [1,110]

   lastDownloadAttempt = N/A

   lastInstallAttempt = N/A

   nextAttempt = 11:00:00 GMT-06:00 Wed Jan 19 2011 Auxilliary Processors Installed

IPS_Sensor# show clock

.09:24:05 GMT-06:00 Wed Jan 19 2011

I know this thread is a few months old, but am hoping to spark an interest here.


Thanks.

Mark

I had a simular issue on a 4240, could never see the traffic for 198.133.219.243, had firewall open etc.

What fixed it for me was at my firewall, going from a static NAT rule for the appliance to a dynamic rule for inside network to outside interface.

ConfederacionHJ
Level 1
Level 1

Our IPSs have been normally updated.


Thank you all again!

v_martynenko
Level 1
Level 1

Hi

I had same issue on ASA-SSM-10, IPS version 7.0(6)E4.

Auto Update is working now with default URL https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

Thank you,

Vladimir

Vladimir is that SSM-10 still working fine using Auto Update?

Yes it is.

Review Cisco Networking for a $25 gift card