Cisco IPS 7.1 Installation Guide Page 324

  • Download
  • Add to my manuals
  • Print
  • Page
    / 422
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 323
E-54
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the Appliance
If you are using SCP, make sure you have added the SSH host key to the known hosts list.
If you get an unauthorized error message while configuring an automatic update, make sure you
have the correct ports open on any firewalls between the sensor and Cisco.com. For example, you
need port 443 for the initial automatic update connection to www.cisco.com, and you need port 80
to download the chosen package from a Cisco file server. The IP address may change for the Cisco
file server, but you can find it in the lastDownloadAttempt section in the output of the show
statistics host command.
Try the manual upgrade command before attempting the automatic update. If it works with the upgrade
command and does not work with the automatic update, try the following:
Determine which IPS software version your sensor has.
Make sure the passwords are configured for automatic update. Make sure they match the same
passwords used for manual update.
Make sure that the filenames in the FTP server are exactly what you see on Downloads on
Cisco.com. This includes capitalization. Some Windows FTP servers allow access to the file with
the incorrect capitalization but the sensor ultimately rejects the file because the name has changed.
If necessary, run TCPDUMP on automatic update. You can compare the successful manual update
with the unsuccessful automatic update and troubleshoot from there.
For More Information
For the procedure for creating the service account, see Creating the Service Account, page E-5.
For the procedure for reimaging your sensor, see Chapter D, “Upgrading, Downgrading, and
Installing System Images.
For the procedure for adding hosts to the SSH known hosts list, refer to Adding Hosts to the SSH
Known Hosts List.
For the procedure for determining the software version, see Version Information, page E-82.
Updating a Sensor with the Update Stored on the Sensor
You can store the update package in the /var directory on the sensor and update the sensor from there if
you need to.
To update the sensor with an update stored on the sensor, follow these steps:
Step 1 Log in to the service account.
Step 2 Obtain the update package file from Cisco.com.
Step 3 FTP or SCP the update file to the sensor /usr/cids/idsRoot/var directory.
Step 4 Set the file permissions:.
chmod 644 ips_package_file_name
Step 5 Exit the service account.
Step 6 Log in to the sensor using an account with administrator privileges.
Step 7 Store the sensor host key.
sensor# configure terminal
sensor(config)# service ssh
sensor(config-ssh)# rsa1-keys sensor_ip_address
Page view 323
1 ... 323 324 325 ... 422

Comments to this Manuals

No comments