Troubleshooting IPS Auto-updates:
This document explains how to troubleshoot the issue of IPS not auto-updating the signatures.
1. From IME or IDM:
Configuration> sensor management> auto/cisco.com update
On the page: Click enable signatures and engine updates from cisco.com
Type your cisco.com username and password. Make sure the credentials are correct.
The cisco.com url should be set to: https://18.104.22.168//cgi-bin/front.x/ida/locator/locator.pl
Notice the " // " after the ip address. This is correct and make sure the url is exactly the same.
2. Make sure there is an exception on the firewall that allows connections to port 443 and port 80.
The reason for this is IPS will make two connections when doing auto-updates
1) to origin-www.cisco.com:443 to check the repository and
2) to software-sj.cisco.com:80 to download any available updates.
origin-www.cisco.com.443 - 22.214.171.124:443
software-sj.cisco.com.80 - 126.96.36.199:80
3. After making sure 1 & 2 are verified then we can test auto update:
Do a " show clock " in the cli, note down the time and then set the time for auto/update a min after that.
Check the Frequency: 'hourly ' Start time: a couple of mins later that the current time seen in 'show clock'
4. Open a cli session, and type " show stat host " in the output, there is a section : " Auto update statistics "
This will show if the update went successful.
Auto Update Statistics
lastDirectoryReadAttempt = 14:46:24EST Wed Nov 18 2009
= Read directory: https://188.8.131.52//cgi-bin/front.x/ida/locator/locator.pl
= Success:No installable auto update package found on server lastDownloadAttempt <--
= 20:41:35 EST Fri Nov 13 2009 lastInstallAttempt
= 20:42:50 EST Fri Nov 13 2009 nextAttempt = 15:46:20 EST Wed Nov 18 2009
5. You can also manually update the signatures by downloading them to your p.c and then using FTP to transfer it over.
Download link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875311
6. Make sure you are running the latest analysis engine update in your IPS software (indicated by the E# designator in the version string).
Signature updates are written for a specific analysis engine release and require the same analysis engine as indicated in the signature update file name (IPS-sig-Sxxx-req-E#.pkg).
IPS system, engine, and signature software from Cisco.com:
http://www.cisco.com/go/ips=> Download Software