11-17-2010 12:40 AM - edited 03-10-2019 05:10 AM
Hi!
Autoupdate feature is not working on ASA-SSM-20 module.
We have configured:
https://www.cisco.com//cgi-bin/front.x/ida/locator/locator.pl
And/Or:
https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
And/Or:
https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl
And/Or:
https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
We get these errors on the ASA-SSM-20 module:
evError: eventId=1280563964539644086 vendor=Cisco severity=error
originator:
hostId: sensor1
appName: mainApp
appInstanceId: 356
time: nov 17, 2010 08:15:45 UTC offset=60 timeZone=GMT+01:00
errorMessage: AutoUpdate exception: Receive HTTP response failed [3,212] name=errSystemError
evError: eventId=1280563964539644079 vendor=Cisco severity=error
originator:
hostId: sensor1
appName: mainApp
appInstanceId: 356
time: nov 17, 2010 08:10:02 UTC offset=60 timeZone=GMT+01:00
errorMessage: http error response: 400 name=errSystemError
Any Ideas?
11-17-2010 11:26 AM
Is the problem on the web platform?
11-17-2010 11:30 AM
Rodrigo;
I cannot speak directly to the exact cause of the issue as it is being addressed by the business unit; but they have confirmed it is not a functional defect in the IPS software.
Scott
11-17-2010 01:10 PM
Scott,
Do you have a list of devices that are affected? Are the ASA-SSM-10 and ASA-SSC-AIP-5 affected?
Pascal
11-18-2010 03:17 AM
Pascal;
At this time there is not a definitive list of the affected platforms.
Scott
11-18-2010 08:49 PM
Hello all,
This issue has been resolved. Please set your sensors' Auto Update URL to the default and allow the update to run again. Let us know if you continue to experience issues.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
01-19-2011 11:21 AM
I am experiencing a similar issue currently with a new SSC-5 module. I am working with TAC, however response has been slow. I can see traffic with Wireshark for 198.133.219.25 but I never see the traffic for 198.133.219.243 that I was told to allow on the firewall. I also found it confusing that I need to create exceptions on the firewall for outbound traffic to these two IP addresses when I do not have to make any exceptions for any other outbound traffic.
Here is what I see:
IPS_Sensor# show stat host
Auto Update Statistics
lastDirectoryReadAttempt = 09:03:09 GMT-06:00 Wed Jan 19 2011
= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: AutoUpdate exception: HTTP connection failed [1,110]
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 11:00:00 GMT-06:00 Wed Jan 19 2011 Auxilliary Processors Installed
IPS_Sensor# show clock
.09:24:05 GMT-06:00 Wed Jan 19 2011
I know this thread is a few months old, but am hoping to spark an interest here.
Thanks.
02-28-2011 04:25 AM
I had a similar issue on a 4240, could never see the traffic for 198.133.219.243, had firewall open etc.
What fixed it for me was at my firewall, going from a static NAT rule for the appliance to a dynamic rule for inside network to outside interface.
11-18-2010 11:55 PM
Our IPSs have been normally updated.
Thank you all again!
12-06-2011 09:07 PM
Hi
I had the same issue on ASA-SSM-10, IPS version 7.0(6)E4.
Auto Update is working now with default URL https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
Thank you,
Vladimir
02-12-2014 10:36 AM
Vladimir, is that SSM-10 still working fine using Auto Update?
02-12-2014 05:53 PM
Yes it is.