Pages

Tuesday, 8 May 2012

HOW TO UPGRADE THE CISCO IPS MODULE AIP-SSM


HOW TO UPGRADE THE CISCO IPS MODULE AIP-SSM


I have recently upgraded a few Intrusion Prevention System (IPS) modules which are embedded in ASA firewalls. The IPS models are AIP-SSM-20 which were upgraded from version 5.1 to 6.0
The AIP-SSM module can be accessed either through the ASA CLI (using “session 1” ) command, or via its dedicated management interface using SSH. I have already assigned an IP address to the IPS management interface, so I did all the upgrade via the management interface. You need also an FTP server to host the upgrade image files.
Lets see how to upgrade the AIP-SSM IPS module below:
FTP server address: 172.20.1.8
Upgrade file used: IPS-K9-6.0-1-E1.pkg (major upgrade from 5.1 to 6.0)
Signature upgrade file: IPS-sig-S338-req-E1.pkg
Note about signature files: the keyword “req-E1” in the signature filename means that it requires an E1 signature engine software installed.
After you log in to the sensor, use the “show ver” command to verify your current image version:
IPS# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 5.1(5)E1
Then upgrade using the “upgrade” command:
IPS# conf t
IPS(config)# upgrade ftp://test@172.20.1.8/IPS-K9-6.0-1-E1.pkg
Password: **********
Warning: Executing this command will apply a software update to the application partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes
Broadcast Message from root@IPS
(somewhere) at 15:26 …
Applying update IPS-K9-6.0-1-E1.pkg. IPS applications will be stopped and system will be rebooted after upgrade completes .
Broadcast Message from root@IPS
(somewhere) at 15:26 …
Shutting down IPS applications. Applications will be restarted when update is complete..
IPS(config)#
***
***
*** Termination request from cids
***
Sensor is shutting down.This CLI session will be terminated
The sensor reboots by itself. Wait a few minutes and then log in again.
IPS# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(1)E1
As you can see the image is upgraded successfully. Now we need to upgrade the signature file as well.
IPS# conf t
IPS(config)# upgrade ftp://test@172.20.1.8/IPS-sig-S338-req-E1.pkg
Password: **********
Warning: Executing this command will apply a signature update to the application partition.
Continue with upgrade? []: yes
Broadcast Message from root@IPS
(somewhere) at 16:40 …
Applying update IPS-sig-S338-req-E1
Broadcast Message from root@IPS
(somewhere) at 16:42 …
Update complete
IPS(config)#

No comments:

Post a Comment