10-24-2013 04:07 AM - edited 03-10-2019 06:04 AM
Hi,
I have a problem with auto-update. My configuration:
ida-client server url https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl
ip ips config location flash:ips retries 1
ip ips notify SDEE
ip ips name myips
!
ip ips signature-category
category all
retired true
category ios_ips advanced
retired false
!
ip ips auto-update
occur-at weekly 0-6 52 0-23
cisco
username xxxxxxxxx password xxxxxxxxx
ip sdee messages 500
ip sdee alerts 2000
crypto pki certificate chain root
certificate ca 020000B9
30820377 3082025F A0030201 02020402 0000B930 0D06092A 864886F7 0D010105
0500305A 310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74
696D6F72 65311330 11060355 040B130A 43796265 72547275 73743122 30200603
55040313 1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F74301E
170D3030 30353132 31383436 30305A17 0D323530 35313232 33353930 305A305A
310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74 696D6F72
65311330 11060355 040B130A 43796265 72547275 73743122 30200603 55040313
1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F743082 0122300D
06092A86 4886F70D 01010105 00038201 0F003082 010A0282 010100A3 04BB22AB
983D57E8 26729AB5 79D429E2 E1E89580 B1B0E35B 8E2B299A 64DFA15D EDB00905
6DDB282E CE62A262 FEB488DA 12EB38EB 219DC041 2B01527B 8877D31C 8FC7BAB9
88B56A09 E773E811 40A7D1CC CA628D2D E58F0BA6 50D2A850 C328EAF5 AB25878A
9A961CA9 67B83F0C D5F7F952 132FC21B D57070F0 8FC012CA 06CB9AE1 D9CA337A
77D6F8EC B9F16844 424813D2 C0C2A4AE 5E60FEB6 A605FCB4 DD075902 D4591898
63F5A563 E0900C7D 5DB2067A F385EAEB D403AE5E 843E5FFF 15ED69BC F9393672
75CF7752 4DF3C990 2CB93DE5 C923533F 1F249821 5C079929 BDC63AEC E76E863A
6B977463 33BD6818 31F0788D 76BFFC9E 8E5D2A86 A74D90DC 271A3902 03010001
A3453043 301D0603 551D0E04 160414E5 9D593082 4758CCAC FA085436 867B3AB5
044DF030 12060355 1D130101 FF040830 060101FF 02010330 0E060355 1D0F0101
FF040403 02010630 0D06092A 864886F7 0D010105 05000382 01010085 0C5D8EE4
6F516842 05A0DDBB 4F272584 03BDF764 FD2DD730 E3A41017 EBDA2929 B6793F76
F6191323 B8100AF9 58A4D461 70BD0461 6A128A17 D50ABDC5 BC307CD6 E90C258D
86404FEC CCA37E38 C637114F EDDD6831 8E4CD2B3 0174EEBE 755E0748 1A7F70FF
165C84C0 7985B805 FD7FBE65 11A30FC0 02B4F852 373904D5 A9317A18 BFA02AF4
1299F7A3 4582E33C 5EF59D9E B5C89E7C 2EC8A49E 4E08144B 6DFD706D 6B1A63BD
64E61FB7 CEF0F29F 2EBB1BB7 F2508873 92C2E2E3 168D9A32 02AB8E18 DDE91011
EE7E35AB 90AF3E30 947AD033 3DA7650F F5FC8E9E 62CF4744 2C015DBB 1DB532D2
47D2382E D0FE81DC 326A1EB5 EE3CD5FC E7811D19 C32442EA 6339A9
quit
crypto pki certificate chain sub
certificate ca 0727370C
3082041B 30820303 A0030201 02020407 27370C30 0D06092A 864886F7 0D010105
0500305A 310B3009 06035504 06130249 45311230 10060355 040A1309 42616C74
696D6F72 65311330 11060355 040B130A 43796265 72547275 73743122 30200603
55040313 1942616C 74696D6F 72652043 79626572 54727573 7420526F 6F74301E
170D3130 30393038 31373335 31365A17 0D323030 39303831 37333430 385A3046
31173015 06035504 0A130E43 79626572 74727573 7420496E 63312B30 29060355
04031322 43796265 72747275 73742050 75626C69 63205375 72655365 72766572
20535620 43413082 0122300D 06092A86 4886F70D 01010105 00038201 0F003082
010A0282 010100A3 BA998DB7 E1CD7388 F9B9DDDE F405F325 F53FC552 1E515A3F
9AFF4D84 B7507FF1 108A5D7F 64551C3B A3F3FF97 7F1C4BED 6F7FE954 EC972A42
03677FB9 C86CA297 F8409324 C3255EA5 668B86BD D7B92622 6ED26683 B378C17C
587611EB 16554732 F0B93410 BD8F26A2 2568C114 2BA273D6 663D4487 5C137F58
91623D57 7F6CAE42 E8127EBD 78F1F1AC 5C356068 45BC5373 87111DC5 2EFA6035
DA91F9DA F2556CBF CAA2575C C864BCA9 5B15A0FC 1CF3442E BD06F268 D8402DBB
B3612592 93251C77 4690BFD0 AFB783A0 3C875EA5 91A8FFC1 311BB64B AC123408
D5DBEC89 876306A7 53F8D5F5 E666AC5E 846546C9 F43A250F 6CCC0F66 B89A55A1
466CFC91 235FBD02 03010001 A381FC30 81F93012 0603551D 130101FF 04083006
0101FF02 0100304F 0603551D 20044830 46304406 092B0601 0401B13E 01323037
30350608 2B060105 05070201 16296874 74703A2F 2F637962 65727472 7573742E
6F6D6E69 726F6F74 2E636F6D 2F726570 6F736974 6F727930 0E060355 1D0F0101
FF040403 02010630 1F060355 1D230418 30168014 E59D5930 824758CC ACFA0854
36867B3A B5044DF0 30420603 551D1F04 3B303930 37A035A0 33863168 7474703A
2F2F6364 70312E70 75626C69 632D7472 7573742E 636F6D2F 43524C2F 4F6D6E69
726F6F74 32303235 2E63726C 301D0603 551D0E04 16041404 9860DF80 1B96495D
65562DA5 2C09240A ECDCB930 0D06092A 864886F7 0D010105 05000382 0101005F
DF8BCF29 79782BF3 7CF4825F 79E0E1B3 28BD0875 41CE8C88 D70E55B9 02B50579
3EBB5231 B34B1EB1 FED3A221 43D291D3 16FA6B79 E48E4D19 EC4C8668 3452B76F
C2BD9C78 BEF06F3F 3D9E9F49 74C47C97 194557AC 6FFA5A3E 3FD3D6E3 2BDC8AF8
C80A0D6B 8C3F9478 37988861 91DF5914 0F09C563 54FBF4F6 AF97ECFC 636443A6
BCCCE4E3 1FDF73B0 6EF7B5C8 299BAE25 52B8B472 E1DE9348 F1289F7E 663F3F8B
550FF816 077105D7 659CD71B 3C34E644 163ABDD8 60938383 0C889665 3340DF6A
ACFFFE94 5161BB89 3FF7ACC4 E4B347E2 FDA26A32 83E27E6F F0128EA3 66764097
FB11E1F7 731FDA8B 1C31428B 9F11C549 A560ED48 2B058415 AB2F8A2C 5172C0
quit
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
F3020301 0001
quit
debug ip ips auto-update
debug ida-client
ips signature update cisco
Translating "www.cisco.com"...domain server (194.204.152.34) [OK]
Fail to connect to cisco.com
IPS Direct Download - Retrying ...
Fail to connect to cisco.com
REMMED-Router#
Oct 24 10:58:37.711: Username and password from configuration
Oct 24 10:58:37.711: User has selected to download the latest version of SDF available.
Oct 24 10:58:37.711: IDA: SSL support present
Oct 24 10:58:37.711: IDA: HTTP register Succesful
Oct 24 10:58:37.711: IDA: XML Parser init Succesful
Oct 24 10:58:37.831: IDA: Locator request send succesful
Oct 24 10:58:39.299: IDA: HTTP enqueue response message
Oct 24 10:58:39.299: IDA: HTTP response message length: 743
Oct 24 10:58:39.299: IDA: Queue Event: Received response
Oct 24 10:58:39.299: IDA: Exception message received
Oct 24 10:58:39.299: IDA: Exception:status code:005 timestamp:2013/10/24/03:58:39 message:Invalid MDF ID helpUrl:
Oct 24 10:58:39.299: IDA: Exception: Invalid MDF ID
Oct 24 10:58:39.299: IDA: Exception in response
Oct 24 10:58:39.299: IDA: HTTP unregister successful
Oct 24 10:58:39.299: IDA: XML Parser destroy successful
Oct 24 10:58:39.299: IPS Auto Update: ida_connect() failed.
Oct 24 10:58:39.299: IPS Auto-update: Request for download failed!
Oct 24 10:58:39.299: IDA: SSL support present
Oct 24 10:58:39.303: IDA: HTTP session not established
Oct 24 10:58:39.303: IDA: HTTP register Failed
Oct 24 10:58:39.303: IPS Auto Update: ida_connect() failed.
Oct 24 10:58:39.303: IPS Auto-update: Request for download failed!
Could you help me out?
10-24-2013 07:39 AM
IOS IPS auto-update is no longer available:
I will try to have the bug ID for you,
Regards,
Jcarvaja
10-24-2013 08:21 AM
Hmm, interesting. Does that mean we have to manually update signatures on IOS IPS?
Jon Peckham.
10-28-2013 01:14 AM
IOS IPS auto update from cisco.com is disabled as of now. You may want to check this for more info:
http://tools.cisco.com/security/center/viewBulletin.x?bId=566&year=2013
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide