Upgrade ASA-SSM-10 via FTP

Similar Messages

• Upgrading IPS strings, ASA SSM-10 module

  I am having a challenging time upgrading the ASA SSM-10 IPS module. I down loaded the IPS-sig-s327-req-e1.pkg to Win XP ftp server (my workstation). The instructions in following does not work: http://download-sj.cisco.com/cisco/ciscosecure/ips/6.x/sigup/IPS-sig-S327.readme.txt
  "error: execUpgradeSoftware : Connect failed". Any suggestion would be appreciated.

  I can connect the LAN switch directly to the inside interface of the ASA5510 firewall. Hosts can get Internet connectivity while cabled to the switch. However, when the LAN switch is connected to the port on the IPS module, there is no Internet connectivity. Any suggestions would be appreciated. The following is the sh configuration and sh int output.
  sh con_[Jfiguration
  Version 5.1(6)
  ! Current configuration last modified Sat Apr 05 12:28:11 2008
  service interface
  exit
  service analysis-engine
  virtual-sensor vs0
  physical-interface GigabitEthernet0/1
  exit
  exit
  service authentication
  exit
  service event-action-rules rules0
  exit
  service host
  network-settings
  host-ip 192.168.1.36/24,192.168.1.10
  host-name ips
  telnet-option enabled
  --MORE--
  access-list 0.0.0.0/0
  exit
  time-zone-settings
  offset 0
  standard-time-zone-name UTC
  exit
  exit
  service logger
  exit
  service network-access
  exit
  service notification
  exit
  service signature-definition sig0
  exit
  service ssh-known-hosts
  exit
  service trusted-certificates
  --MORE--
  exit
  service web-server
  exit
  ips# sh inter_[Jfaces _[2C
  Interface Statistics
  Total Packets Received = 6806
  Total Bytes Received = 2001784
  Missed Packet Percentage = 0
  Current Bypass Mode = Auto_off
  MAC statistics from interface GigabitEthernet0/1
  Interface function = Sensing interface
  Description =
  Media Type = backplane
  Missed Packet Percentage = 0
  Inline Mode = Unpaired
  Pair Status = N/A
  Link Status = Up
  Link Speed = Auto_1000
  Link Duplex = Auto_Full
  Total Packets Received = 6807
  Total Bytes Received = 2001866
  Total Multicast Packets Received = 0
  Total Broadcast Packets Received = 0
  Total Jumbo Packets Received = 0
  Total Undersize Packets Received = 0
  Total Receive Errors = 0
  Total Receive FIFO Overruns = 0
  Total Packets Transmitted = 6807
  --MORE--
  Total Bytes Transmitted = 2017118
  Total Multicast Packets Transmitted = 0
  Total Broadcast Packets Transmitted = 0
  Total Jumbo Packets Transmitted = 0
  Total Undersize Packets Transmitted = 0
  Total Transmit Errors = 0
  Total Transmit FIFO Overruns = 0
  MAC statistics from interface GigabitEthernet0/0
  Interface function = Command-control interface
  Description =
  Media Type = TX
  Link Status = Down
  Link Speed = N/A
  Link Duplex = N/A
  Total Packets Received = 126
  Total Bytes Received = 14255
  Total Multicast Packets Received = 0
  Total Receive Errors = 0
  Total Receive FIFO Overruns = 0
  Total Packets Transmitted = 1
  Total Bytes Transmitted = 64
  Total Transmit Errors = 0
  Total Transmit FIFO Overruns = 0

• ASA SSM IPS module upgrade won't work

  Hello all,
  I'm trying to upgrade the IPS sig's on an ASA5520 with a SSM IPS module. I'm trying to upgrade the system to 5.1.1 to further upgrade the device with no luck.
  I followed these steps provided by Cisco.com:
  1. Log in to the ASA.
  2. Enter enable mode:
  asa# enable
  3. Configure the recovery settings for ASA-SSM:
  asa (enable)# hw-module module 1 recover configure
  NOTE: If you make an error in the recovery configuration, use the
  hw-module module 1 recover stop command to stop the system reimaging
  and then you can correct the configuration.
  4. Specify the TFTP URL for the system image:
  Image URL [tftp://0.0.0.0/]:
  Example:
  Image URL [tftp://0.0.0.0/]: tftp://10.20.30.40/IPS-SSM-K9-sys-1.1-a-5.1-1.img
  5. Specify the command and control interface of ASA-SSM:
  Port IP Address [0.0.0.0]:
  Example:
  Port IP Address [0.0.0.0]: 11.21.31.41
  6. Leave the VLAN ID at 0.
  VLAN ID [0]:
  7. Specify the default gateway of the ASA-SSM:
  Gateway IP Address [0.0.0.0]:
  Example:
  Gateway IP Address [0.0.0.0]: 11.22.33.44
  8. Execute the recovery:
  asa# hw-module module 1 recover boot
  9. Periodically check the recovery until it is complete.
  NOTE: The status reads "Recovery" during recovery and reads "Up" when
  reimaging is complete.
  AFter #8 it just goes back to the enable prompt. A 'sh module' lists the device as 'recover' and hangs FOREVER.... I tested the TFTP server which the new image resides on, and the TFTP is working fine. I don't see any attempts or downloads from the TFTP server for over an hour.
  I opened a Ciscop TAC on this and not receiving alot of help...
  Please help!!!:)
  Thanks
  Chris Serafin
  [email protected]

  The recovery using this method can takes upwards of 30 minutes, and in some cases even longer.
  How long have you left the SSM in the "recovery" state?
  There may be something wrong in the config you entered. when that happens the SSM can go into a continuous reboot cycle trying to do the recovery.
  Execute "debug module-boot" on the console of the ASA.
  The debug output will show you the ROMMON output of the SSM itself. (The SSM has it's own ROMMON. The recovery boot command sends the settings made during the recover configure command to the SSM's ROMMON).
  If the ROMMON is experiencing a problem in trying to download the tftp image you should now see that ROMMON error message.
  Some typical problems I have seen:
  1) Wrong IP given for the sensor.
  2) Wrong IP given for the gateway (the gateway must exist on the same network as the sensor) this problem usually happens when using a non-standard netmasked network.
  3) Not having the sensor's command and control port plugged into the right network. The external port of the SSM itself is where the IP is being applied. You need to ensure that the extenral port of the SSM is plugged into the right network for that IP.
  4) The tftp server is not reachable from the network where the sensor's command and control port is attached. Some users think that if the ASA itself can reach the tftp server that the SSM will also be able to. This is not always the case. It is best to use a tftp server on the same network as the IP provided to the SSM. Or to test the tftp server from another machine on the same network as the SSM.
  5) The file name is wrong. Check the captialization especially.
  6) The file is not in the default directory on the tftp server. If the file is in a subdirectory you will need to add that subdirectory to the URL:
  tftp://10.20.30.40/subdirectoryname/filename
  7) The tftp is timing out.
  There are 2 things that can cause this:
  a) The tftp server is remote, and it takes too long to download the file. The ROMMON does have limits on the number of retries and per packet timeouts (but they are not user configurable). Try using a tftp server local to the SSM.
  b) The switch that the SSM connects to has spanning-tree running and spanning-tree does not complete before the SSM ROMMON times out for the tftp attempt. The tftp attempt happens immediately upon ROMMON startup and link up. But with a switch the switch port may be in a "Listen" or "Learn" state for 40 seconds before the box can actually talk on the network. In some cases the tftp download attempts started as soon as link up, and may timeout even before the spanning-tree completes. To work around this configure "spanning-tree portfast" on the switchport. Spanning-tree will connect the port into the vlan immediately rather than 40 seconds later.
  If it was a config problem when configuring the recovery settings, then there is a "recover stop" command on the ASA.
  It will stop the reboot cycle from happening.
  Let the module come up with the old image.
  Then correct your "recover configure" settings, and try the "recover boot" again.
  Another alternative:
  Stop the recovery "recover stop"
  Let it boot into the old image.
  If it was a 5.0 version, then you can actually upgrade to 5.1 using the sensor's own CLI "upgrade" command. It is actually the preferred method.
  The "recover" from the ASA will wipe the box clean and load a fresh image.
  The "upgrade" from the sensor will convert your 5.0 config into a 5.1 config while installing 5.1.
  5.1 upgrade file:
  IPS-K9-min-5.1-1g.pkg
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
  It can be applied through the sensor's CLI upgrade command, or pushed directly through IDM, or applied by CSM.
  The "recover" should be limited to disaster recovery. When you can't access the SSM at all, or the files on the SSM have been corrupted.
  For normal upgrades you want to use "upgrade" files done through the sensor itelf (CLI, IDM, or CSM).

• Upgrade AIP SSM with Signature Engine 4 file

  When I tried to upload Signature Engine 4 file (IPS-engine-E4-req-7.0-2.pkg),  using FTP server both by CLI and IDM, to new AIP SSM sensor, I got the following  error message:
  Cannot upgrade software on the sensor - socket error:110.
  When I tried to do the same by using these steps: IDM --> Configuration  --> Sensor Management --> Update Sensor --> choose Update is located on  this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update  Sensor" button, I got the following error message
  The current signature level is S480.The current signature level must be  less than s480 for this package to install.
  Here is the output for sh ver command
  AIP_SSM# sh version
  Application Partition:
  Cisco Intrusion Prevention System, Version 7.0(2)E4
  Host:
      Realm Keys          key1.0
  Signature Definition:
      Signature Update    S480.0                   2010-03-24
  OS Version:             2.4.30-IDS-smp-bigphys
  Platform:               ASA-SSM-10
  Serial Number:          JAF1514BAHS
  Licensed, expires:      07-Jun-2012 UTC
  Sensor up-time is 21 days.
  Using 695943168 out of 1032495104 bytes of available memory (67% usage)
  system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
  application-data is using 45.4M out of 166.8M bytes of available disk space (29% usage)
  boot is using 41.6M out of 68.6M bytes of available disk space (64% usage)
  application-log is using 123.5M out of 513.0M bytes of available disk space (24% usage)
  MainApp            B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
  AnalysisEngine     BE-BEAU_E4_2010_MAR_25_02_09_7_0_2   (Ipsbuild)   2010-03-25T02:11:05-0500   Running
  CollaborationApp   B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
  CLI                B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500
  Upgrade History:
    IPS-K9-7.0-2-E4   02:00:07 UTC Thu Mar 25 2010
  Recovery Partition Version 1.1 - 7.0(2)E4
  Host Certificate Valid from: 30-May-2011 to 30-May-2013
  Any idea what could be the problem?
  Regards,

  Based on your show version, you already have E4, what is it that you are trying to do?
  Mike

• Upgrade AIP-SSM-10 to E4

  Hello, I am trying to upgrade from e3 to e4 and then upgrade my software...
  here is a show version
  Cisco Intrusion Prevention System, Version 6.2(2)E3
  Host:
      Realm Keys          key1.0
  Signature Definition:
      Signature Update    S479.0                   2010-03-19
      Virus Update        V1.4                     2007-03-02
  OS Version:             2.4.30-IDS-smp-bigphys
  Platform:               ASA-SSM-10
  Serial Number:        
  Licensed, expires:     
  Sensor up-time is 171 days.
  Using 674635776 out of 1032499200 bytes of available memory (65% usage)
  application-data is using 43.5M out of 166.8M bytes of available disk space (28% usage)
  boot is using 40.1M out of 68.6M bytes of available disk space (62% usage)
  MainApp          E-ECLIPSE_2009_SEP_14_13_21_6_2_1_119   (Ipsbuild)   2009-09-14T13:22:32-0500   Running
  AnalysisEngine   E-ECLIPSE_2009_SEP_14_13_21_6_2_1_119   (Ipsbuild)   2009-09-14T13:22:32-0500   Running
  CLI              E-ECLIPSE_2009_SEP_14_13_21_6_2_1_119   (Ipsbuild)   2009-09-14T13:22:32-0500
  Upgrade History:
  * IPS-K9-6.2-2-E3           10:33:06 UTC Tue Sep 22 2009
    IPS-sig-S479-req-E3.pkg   12:17:09 UTC Tue Jun 22 2010
  Recovery Partition Version 1.1 - 6.2(2)E3
  Host Certificate Valid from: 15-Jun-2010 to 15-Jun-2012
  I understood that I can upgrade to IPS-engine-E4-req-7.0-2.pkg but when I try this from the asdm or from the cli, here is the output from the cli:
  IPS-1(config)# upgrade ftp://N****@***.**.**.**//IPSengine-E4-req-7.0-2.pkg
  Password: ********
  The filename IPSengine-E4-req-7.0-2.pkg is not a valid upgrade file type.
  Continue with upgrade? []: no
  IPS-1(config)# upgrade ftp://N****@***.**.**.**//IPSengine-E4-req-6.2-2.pkg
  Password: ********
  The filename IPSengine-E4-req-6.2-2.pkg is not a valid upgrade file type.
  Continue with upgrade? []: no
  IPS-1(config)# end
  do I want to just go ahead with the upgrade? even though it is telling me its not a valid upgrade type?
  thanks for any help...

  You can only upgrade using the IPS-engine-E4-req-7.0-2.pkg file if you are already running the latest version on that major version: 7.02(E3).
  So since you are running version 6.2.2(E3) at the moment, I would suggest that you upgrade the module to the latest E4 directly using this upgrade file:
  IPS-K9-7.0-4-E4.pkg
  Here is the readme file for 7.0.4(E4):
  http://www.cisco.com/web/software/282549709/35783/IPS-7_0-4-E4_readme.txt
  Hope that helps.

• Cannot connect to cFP-2120 via FTP

  I am using several cFP-2120 running LV RT 8.2.1 with the FieldPoint drivers version 5.0.1. for process control and data acquisition. All data are logged to a file and broadcasted via network-shared variables. The data files can be downloaded using an external ftp client. Lately, two of our units have been giving me some trouble as I sometimes can not access the cFP2120s via ftp. I can ping the unit on the network though, all programs are still running and I can still access the network-shared variables. Only a reset of the controller seems to solve the issue.
  Any pointers would be greatly appreciated.
  Volker 

  Kyle,
  Thanks again for contributing.
  > Can you only connect one time after you reset and it stops working if you try to reconnect shortly there after or does it work for awhile and then eventually it stops working?
  After we reset the controller it seems to always work for awhile before it stops working again.
  > Are you using the controller to perform any other tcp communications with an other servers, besides the network shared variables? 
  Our system is configured as a slave on a Modbus TCP network and is queried typically once a minute.
  > Whats your memory usage on the cFP? Do you have the System State Publisher software loaded? Try connecting with DSM and see how much CPU and Memory usage you are using.
  No, I havent done this yet. I think this was instroduced with LV8.6? I just upgraded to the latest LV version and will investigate. This will take a week though.
  > Can you check the timeouts in MAX to make sure they didn't get changed? Right click on the cFP and select Communication Timeout Settings. From stock they should be 15000 ms.
  The timeout in MAX is still 15000ms.
  > Are these cFP dedicated to just this one task or are they reconfigured from time to time?
  We only reconfigure these units when we upgrade the software. This has been less frequent lately and happens maybe once a year.
  All the best,
  Volker

• How to do a factory reset ASA-SSM-10?

  Hi.
  I forgot the user for management a IPS SSM-10, when i follow the procedure to reset the password for cisco user, i can get into the module, i change the password and every thing is OK, but when i tried to configure y don´t have rights to do anything.
  if i see the privileges for the user cisco this is the result
  EDGE-IPS2# sh user
      CLI ID   User    Privilege
  *   4143     cisco   viewer
  Application Partition:
  Cisco Intrusion Prevention System, Version 6.1(1)E2
  Host:
      Realm Keys          key1.0
  Signature Definition:
      Signature Update    S364.0                   2008-10-24
      Virus Update        V1.4                     2007-03-02
  OS Version:             2.4.30-IDS-smp-bigphys
  Platform:               ASA-SSM-10
  Serial Number:          JAF1208BNPP
  License expired:        20-Jun-2009 UTC
  Sensor up-time is 1:09.
  Using 657850368 out of 1032495104 bytes of available memory (63% usage)
  system is using 17.7M out of 29.0M bytes of available disk space (61% usage)
  application-data is using 41.5M out of 166.8M bytes of available disk space (26% usage)
  boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)
  MainApp          M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500   Running
  AnalysisEngine   ME-2008_JUN_05_18_26   (Release)   2008-06-05T18:55:02-0500   Running
  CLI              M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500
  Upgrade History:
  * IPS-K9-6.1-1-E2           22:40:50 UTC Tue Feb 26 2013
    IPS-sig-S364-req-E2.pkg   18:43:20 UTC Wed Nov 12 2008
  Recovery Partition Version 1.1 - 6.1(1)E2
  Host Certificate Valid from: 17-Nov-2008 to 18-Nov-2010
  What can i do in this case?
  IPS Info
  Getting details from the Service Module, please wait...
  ASA 5500 Series Security Services Module-10
  Model:              ASA-SSM-10
  Hardware version:   1.0
  Serial Number:      JAF1208BNPP
  Firmware version:   1.0(11)4
  Software version:   6.1(1)E2
  MAC Address Range:  001e.f710.5b6c to 001e.f710.5b6c
  App. name:          IPS
  App. Status:        Up
  App. Status Desc:
  App. version:       6.1(1)E2
  Data plane Status:  Up
  Status:             Up
  Mgmt IP addr:       X.X.X.X
  Mgmt web ports:     443
  Mgmt TLS enabled:  

  The process will normally use the following command:
  hw-module module 1 password-reset
  It will reload the ASA and when loggin back the "Cisco" username will have admin rights.
  If this is not your case, a re-image of the unit will be the next step, keep in mind that this will remove all the custom config.

• ASA-SSM-40

  I have an ASA-SSM-40 in an ASA 5540.  A couple of days ago, the IPS went into bypass mode and I could figure out why.  I reloaded the image with version 7.0.6 E4.  I lost the config and have now reconfigured it.  I cannot ping the device from anywhere, but I can ping out from the device.  The config looks the same as all the other SSM's we have installed at other sites.  I'm using the same IP address, and the ASA is still configured as it was before when it was working.  Obviously I can't web to the device either.

  I reimaged again with version 7.0.4 E4 and got everything working again.  Will try later to upgrade to 7.0.6.

• Update ASA-SSM-CSC-10 module

  Hi,
  I'm not able to update (reinstall) a ASA-SSM-CSC-10 module. I used the CLI-Command : "hw module 1 recover boot". But the module is still in the Recover-mode.
  Output from CLI (I used the image: csc6.1-b1519.bin):
  Slot-1 890> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Slot-1 891> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Slot-1 892> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Slot-1 893> Received 59944272 bytes
  Slot-1 894> Launching TFTP Image...
  sclfw002# sh module
  Mod Card Type Model Serial No.
  0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1032K16L
  1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10 JAF10290481
  Mod MAC Address Range Hw Version Fw Version Sw Version
  0 0018.195b.e68d to 0018.195b.e691 1.1 1.0(11)2 7.2(1)
  1 0018.7317.b44a to 0018.7317.b44a 1.0 1.0(11)2
  Mod SSM Application Name Status SSM Application Version
  Mod Status Data Plane Status Compatibility
  0 Up Sys Not Applicable
  1 Recover Not Applicable
  Could anybody help me?
  thanks
  Reto

  Are you able to stop the recovery from continuously running? Use "hw-module module 1 recover stop" to end it. Then try to reset it again (hw-module module 1 reset).
  If the module become unresponsive due to too long running in recover mode, big chances you need to reset the ASA. But try to reset/shut it down via ASA CLI first before decide to shutdown/powerup the whole box. This may be inevitable. During shutdown, remove the module, and power-up the ASA. Insert the module once the ASA is properly running, and check the status/mode again.
  Start the boot recovery process again, recover configure if necessary. If you need to stop it, issue "hw-module module 1 recover stop" within 45sec after the recover boot/configure started.
  HTH
  AK

• Password reset on a older ASA-SSM-20

  Hi I have takken over a running ASA with a ASA-SSM-20
  but nowhere can i find the password
  and the asa is running 8.0.3 but the SSM is only running 5.1
  so the command hw-module module x password-reset dosn't work
  anybody there have an idea how to fix it
  thanks in advance

  In that case then the only way to recover
  the password is to perform a re-image of the AIP-SSM.
  You can perform the re-image via tftp using the commands
  'hardware-module module 1 recover configure' and then 'hardware-module
  module 1 recover boot'
  Link Re-image instructions
  http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliSSM.html#wp1034193
  images:
  http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=282520327
  hope this helps
  regards
  Yesua

• How do I backup an IPS config (ASA-SSM-10)

  Hi,
  How do I backup an IPS config (ASA-SSM-10)?
  Thanks

  There is a copy command in the IPS CLI that can be used to copy the current configuration to a backup configuration on the sensor itself.
  Or to copy the current configuration to an FTP or SCP server.
  The copy command can then be used to copy a configuration from backup or from an FTP or SCP server back to the running configuration of the sensor.
  http://www.cisco.com/en/US/docs/security/ips/6.2/command/reference/crCmds.html#wp458440

• Oid Processing Load Percentage ASA-SSM-10

  Hi Guys ,
  Anybody knew the oid for Processing Load Percentage from module ASA-SSM-10 ? Because i want generate graphs in Cacti box .
  Thanks
  Jorge Ferreira

  I don't think you can do that vai SNMP. You can script it via
  the CLI tough 'show statistic virtual-sensor | inc Load'
  Regards
  Farrukh

• ErrSystemError-ct-sensorApp.463 not responding on ASA-SSM-10

  Hello,
  I got following error message when login into IPS over IDM, after error is displayed IDM is closing.
  errSystemError-ct-sensorApp.463 not responding, please check system processes
  - The connect to the specified Io::ClientPipe failed.
  SSH login works, when using CLI following health statistics are available:
  sensor# show health
  Overall Health Status                                               Red
  Health Status for Failed Applications                         Red
  Health Status for Signature Updates                         Yellow
  Health Status for License Key Expiration                   Green
  Health Status for Running in Bypass Mode                Red
  Health Status for Interfaces Being Down                   Green
  Health Status for the Inspection Load                      Green
  Health Status for the Time Since Last Event Retrieval   Green
  Health Status for the Number of Missed Packets          Green
  Health Status for the Memory Usage                      Not Enabled
  Health Status for Global Correlation                    Green
  Health Status for Network Participation                 Not Enabled
  Security Status for Virtual Sensor sensor-int    Green
  Security Status for Virtual Sensor vs0           Green
  Do you have any idea why IPS crashed ?
  ASA-SSM-10 is installed into ASA 5510.

  Hello,
  I have the sem problem since sveral days, I found the following workaround on our environement. Working since 5hours.
  Hope it helps.
  Regards.
  IDSM-2 Sensor Module - errSystemError -ct-sensorApp.XXX not responding, please check system processes - The connect to the specified Io::ClientPipe failed.
  Symptom:
  When attempting to access an IDSM-2 sensor via its GUI (IDM) or via IME (IPS Manager Express), an error such as the following is encountered:
  "errSystemError -ct-sensorApp.XXX not responding, please check system processes - The connect to the specified Io::ClientPipe failed."
  Additionally, review of the 'show version' command output indicates the AnalysisEngine (sensorApp process) to be "Not Running".
  Conditions:
  IDSM-2 sensor module running 7.0(x) software release. Global Correlation Inspection feature enabled (On). A 'show tech' command output includes a sensorApp process core containing lines similar to the following:
  cat /usr/cids/idsRoot/core/sensorApp/core.txt
  /usr/cids/idsRoot/bin/sensorApp(_ZN3Cid3Rep9RepIpData13ApplyIpUpdateEPKcPNS0_8RepScoreE+)
  Solution:
  This problem is tracked as defect CSCti79423. It can be encountered on the IDSM-2 platform when a Global Correlation Update occurs. A fix for this is currently planned for inclusion in the next 7.0 release (7.0(6)).
  In the interim, the only workaround to ensure that the sensor does not re-encounter this defect is to disable Global Correlation Inspection (Updates) as such:
  sensor# conf t
  sensor(config)# service global-correlation
  sensor(config-glo)# global-correlation-inspection off
  sensor(config-glo)# exit
  Apply Changes?[yes]: yes
  After making the above configuration change, a reboot of the affected IDSM-2 sensor module should restore it to service:
  sensor# reset

• Updating License & Signatures on ASA-SSM-10

  Hi,
  Does the same options are used to:
  updating IPS License and updating signatures on ASA-SSM-10?
  Actually i updated license file received from cisco licensing team:
  using IDM 6.0 > licensing option > update license > file location:
  and I was trying to update signatures using same options (as i dont find seprate options to update signatuers) but it gives error:
  Invalid license etc.,
  could anyone guide.
  Thank you.

  In the Update Sensor pane, you can immediately apply service pack and signature updates.
  Update Sensor Pane Field Definitions
  The following fields are found in the Update Sensor pane:
  •Update is located on a remote server and is accessible by the sensor—Lets you specify the following options:
  –URL—Identifies the type of server where the update is located. Specify whether to use FTP, HTTP, HTTPS, or SCP.
  –://—Identifies the path to the update on the remote server.
  –Username—Identifies the username corresponding to the user account on the remote server.
  –Password—Identifies the password for the user account on the remote server.
  •Update is located on this client—Lets you specify the following options:
  –Local File Path—Identifies the path to the update file on this local client.
  –Browse  Local—Opens the Browse dialog box for the file system on this local  client. From this dialog box, you can navigate to the update file.

• Failed auto update on ASA-SSM-20 The host is not trusted. Add the host to the system's trusted TLS certificates.

  Failed auto update on ASA-SSM-20 The host is not trusted. Add the host to the system's trusted TLS certificates.
    errorMessage: WebSession::sessionTask TLS connection exception: handshake incomplete.
  Messages, like this one, in the category - TLS connection failure - were logged 1464 times in the last 21461 seconds.  name=errTransport  

  Sam,
  See the other post in the list talking about your problem, "host not trusted".
  I had the same problem and the fix was to upgrade the IPS to 7.1(9)E4 . 
  Mike