cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2058
Views
0
Helpful
4
Replies

RVS4000 and Apple Mac Update Problem

marhkmarhk
Level 1
Level 1

I’m using an RVS4000 on a small network of 5 Apple Macs. This was recently installed so I’m working out the early problems.

When the Apple Software Update app (OS 10.6.4) runs it successfully finds new software - but, when it attempts to download the software SU can’t connect. I found that the router IPS software sees this as a CHAT ICQ login attempt -2. Comes usually from a network with IP addresses of 96.00.00.00. Aside from allowing all entry from this domain how can I solve this? This must have been reported before - but I can’t find it. Thanks.

4 Replies 4

Hi Mark,

From your description, it sounds like a signature may be firing on  traffic it should not be firing on. (That's what is called a 'false  positive').

What signature version are you running on your RVS4000 ?

The latest signature release for the RVS4000 Small Business router was released in June (version 1.42).

Signatures are constantly updated to reflect the current threats and to avoid false positives.

Please make sure to upgrade to the latest signature version.

You can download the Small Business Router signatures from:

http://tools.cisco.com/support/downloads/pub/ImageList.x?relVer=1.42&mdfid=282414013&sftType=Router+Intrusion+Prevention+System+%28IPS%29+Signature&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+RVS4000+4-port+Gigabit+Security+Router+-+VPN&tre...

If you already are on the latest signature version, you may want to open a case with the Small Business Support team by calling 1-866 606 1866

Let me know if you have any further questions,

Stijn

Greetings Stijn,

Thanks for the reply.

I'm currently running 1.42. I did update the signature soon after getting the router.

I guess I’ll have to deal by phone with the SBS team as you suggest.

Strange, this should have been reported before if it is indeed a generic problem.

Mark

Hi Mark,

I have what sounds like the same problem, RVS4000, firmware V1.3.2.0, IPS Signature 1.42. Only, my network is a network of IBM PCs running Windoz XP SP3.

The symptom is that a download starts out well and runs for several (or 50 sometimes) MBytes OK and then suddenly halts. Sometimes retrys succeed in letting the download go a little farther, but it seems to just get slower and slower. I started looking at the connections my Browser (Internet Explorer 8.0.6001.18702) had open and discovered several connections to some strange sites. These appear to be servers that host a fixed IP address for downloads. One example is: a96-17-111-48.deploy.akamaitechnologies.com:http (96.17.111.48:80). There are other domains that seem to do the same thing.

It wasn't always this way. I installed the RVS4000 updates around 6/10/2010. Howver, my trouble didn't start until I tried to download a 3GByte Fedora 14 Linux update on 12/5/2010. The download ran OK for about 2.5 GBytes and then halted. From then on any large download almost always stopped part way through. Also, the limit of how many MBytes it would load before halting seemed to get shorter and shorter. Very wierd. It was only today that I took a good look at my firewall logs and noticed that some of the same IP addresses that were hosting the downloads were causing errors in the IPS log: "Chat ICQ Login attempt-2". When I searched the web for that message, this thread popped up.

I tried disabling the IPS function and my download completed. I now have IPS re-enabled with all categories enabled except for ICQ in the P2P/IM group. My downloads are working OK for now (what a relief).

I have wild paranoid theories about what has caused this :-) but I will wait until I do a little packet sniffing into what those servers are trying to do. If you or Stijn have more information about this problem, I'd be glad to hear it.

Ron

Ron,

I’m a physician with only a peripheral knowledge of these problems. However, I found that my problems stopped when I disabled IPS. Also, a considerable bandwidth hit caused by the IPS was avoided. (25 mbs download speed now up to 60 with IPS off, Comcast Cable)

FWIW, Apple uses Akami Tech for a lot of their software downloads. So I see it used a lot in my Mac network.

I do wish Cisco would review and update the IPS system in this router, so I can use it.

Sorry, not much help. If anything really feeds your paranoia be sure to let us know.

Mark

Review Cisco Networking for a $25 gift card