Network technologies and trends

May 9 2013   10:47PM GMT

What is the error “Signature Auto Update Fails with Error HTTP connection failed [1, 110] “ in Cisco IPS sensors?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

 

Recently, I configured our Cisco IPS Sensors modules SSM-40 installed in the Cisco ASA 5540 and Cisco IPS 4270 sensor to auto update the signature behind our Blue Coat Proxy SG, upon configuration, I discovered that the auto updates failed. When I tried to know status by using Cisco IOS command.

 “show statistics host” I discovered the auto updates failed, and the command was giving the following errors

IPS#show statistics host

Auto Update Statistics

lastDirectoryReadAttempt = 19:31:09 CST Thu May 9 2013

= Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

= Error: AutoUpdate exception: HTTP connection failed [1,110]   <–

lastDownloadAttempt = 19:08:10 CST Thu May 9 2013

lastInstallAttempt = 19:08:44 CST Thu May 9 2013

nextAttempt = 19:35:00 CST Thu May 9 2013

These errors generally observed in IPS sensors running 7.0(7) and 7.0(8) due to a bug “CSCub08230”. In order to overcome this problem available work around is either to download the signature update package manually from Cisco.com and apply the updates manually to the IPS sensors or to upgrade the Cisco IPS sensors to latest  update of 7.2.

The strange thing is that the IPS Sensors were communicating with the Cisco Servers they could be able to connect bypass the proxy servers as shown in my below capture.

IPS capture

However, they failed to update signature simply because the initial connection to the locator service is performed using the HTTPS connection, and the once sensor is authenticated by the digital certificate provided by the server. The connection is switched over to HTTP for the auto-update process. This changer over from HTTPS to HTTP is failing due to the bug “CSCub08230

Hence, temporarily I was forced to revert my configuration and allow IPS sensors to communicate directly with Cisco servers bypassing our bluecoat proxy server.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: