Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
“Username@Group” Can Now Be Sent to Authentication Server When Strip Group Is Disabled
Release 3.6.7.F adds the ability to send a “Group Lookup” username to the authentication server during
user authentication. This feature restores the ability that was available as a side effect of having “Strip
Realm” disabled and “Group Lookup” enabled with “@” delimiter.
In Release 3.6.7 and earlier releases, the strip realm and group lookup feature overlapped when the group
lookup delimiter was set to '@'. A side effect of this overlap was the ability to send “username@group”
to the authentication server during user authentication. This later was reported as a caveat
(CSCea88995), which now has been fixed. Unfortunately, some customers have been taking advantage
of this feature and have requested that the capability be added back.
This restored feature applies only to usernames that are in the group lookup format “user@group”,
“user#group”, or “user!group” and only when “Group Lookup” is enabled.
To use this feature, uncheck the “Strip Group” checkbox on the Configuration | System | General |
Authentication screen.
• When “Strip Group” is checked and a username contains a group, the group name is stripped off the
username during user authentication.
• When “Strip Group” is unchecked and the username contains a group, the group name is not stripped
off the username during user authentication.
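The Strip Group behaviour described above, modelled as an added example (not Cisco's code and not part of the original release note) so that an administrator can see which username form the authentication server will receive. The function and type names are hypothetical; splitting at the first delimiter and passing names through unchanged when Group Lookup is disabled are assumptions, and Strip Realm is not modelled.

```python
# Added illustration: a model of the Strip Group behaviour described in the
# release note, not Cisco's implementation. Names here are hypothetical.
from typing import NamedTuple, Optional

GROUP_LOOKUP_DELIMITERS = ("@", "#", "!")  # formats named in the release note


class AuthRequest(NamedTuple):
    username: str          # what the authentication server receives
    group: Optional[str]   # group selected by Group Lookup, if any


def username_for_auth_server(entered: str, *, group_lookup: bool,
                             delimiter: str, strip_group: bool) -> AuthRequest:
    if delimiter not in GROUP_LOOKUP_DELIMITERS:
        raise ValueError(f"unsupported group lookup delimiter: {delimiter!r}")
    # The feature applies only when Group Lookup is enabled.
    # Assumption: with Group Lookup disabled the name is passed unchanged.
    if not group_lookup:
        return AuthRequest(entered, None)
    # Assumption: the name is split at the first occurrence of the delimiter.
    user, sep, group = entered.partition(delimiter)
    if not (sep and user and group):
        return AuthRequest(entered, None)  # not in user<delimiter>group format
    # Strip Group checked: group removed; unchecked: full name is sent.
    return AuthRequest(user if strip_group else entered, group)


def behaviour_table(names, delimiter="@"):
    """Rows of (entered name, Strip Group checked, username sent)."""
    rows = []
    for name in names:
        for strip in (True, False):
            req = username_for_auth_server(name, group_lookup=True,
                                           delimiter=delimiter, strip_group=strip)
            rows.append((name, strip, req.username))
    return rows


if __name__ == "__main__":
    # Constructed sample usernames, for illustration only.
    for row in behaviour_table(["alice@engineering", "bob"]):
        print(row)
```

With Strip Group unchecked, accounts on the authentication server must be defined in the full user-plus-group form, since that is the string it is asked to authenticate.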
Usage Notes
This section lists interoperability considerations and other issues to consider before installing and using
Release 3.6.8 of the VPN 3000 Series Concentrator software.
Online Documentation
The online documentation might not be accessible when using Internet Explorer with Adobe Acrobat,
Version 3.0.1. To resolve this issue, upgrade to Acrobat 4.0 or higher. The latest version of Adobe
Acrobat is available at the Adobe web site: http://www.adobe.com.
Disable Group Lock When Using SDI or NT Domain Authentication
This feature is supported only when using Internal or RADIUS authentication. To ensure that you are
using this feature properly, refer to the following URL:
http://www.cisco.com/warp/customer/471/altigagroup.html
Password Expiry Does Not Change User Profile for LAN
You must enable Start Before Logon on the VPN Client, and you might also need to make sure that DNS
and WINS servers are properly configured (CSCdv73252).