Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Usage Notes
SNMP Traps VRRPNotifications and cipSecMIBNotifications Are Not Supported
The VPN 3000 Concentrator does not support the VRRPNotifications and cipSecMIBNotifications
SNMP traps. You can configure VRRP for these SNMP traps without getting an error message, but the
traps themselves are not supported, so no action occurs. The same is true of Cisco IPSec-flow MIB
notifications (CSCdx44580).
RSA Allows a CA to Issue Only One Certificate with any DN
The rekey option to renew an SSL certificate from the RSA CA results in a rejection of the request.
The resubmit/renew feature does work with RSA as long as the certificate being rekeyed or renewed is
first deleted from the CA database. RSA does not allow a CA to issue more than 1 certificate with any
particular DN (CSCdv27743).
Rebooting after Installing New Hardware
Delays of about 3-50 seconds in making a VPN connection have occurred on Windows XP Professional
Edition and Windows 2000 Professional Edition after adding a new NIC card. If you see problems of
this nature, reboot the PC after the initial installation of the NIC card (CSCdv27743).
Reauthentication on Rekey Interval
If you have enabled the Reauthentication on Rekey feature, the VPN Concentrator prompts you to enter
an ID and password during Phase 1 IKE negotiations and also prompts for user authentication whenever
a rekey occurs. Reauthentication provides additional security.
If the configured rekey interval is very short, users might find repeated authorization requests
inconvenient. In this case, disable reauthentication. To check your VPN Concentrator’s configured rekey
interval, see the Lifetime Measurement, Data Lifetime, and Time Lifetime fields on the Configuration |
System | Tunneling Protocols | IPSec | IKE Proposals | Add or Modify screen.
Note: At 85% of the rekey interval, the software client prompts the user to reauthenticate. If the user does not
respond within approximately 90 seconds, the VPN Concentrator drops the connection.
Network Lists for CPP Firewall Policy Source and Destination Are Not Supported
The VPN 3000 Concentrator does not support selecting source and destination network lists when
defining rules for CPP firewall policy. Instead, you must define the source and destination address
in the rule definition (CSCea14152).