Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Open Caveats for VPN 3000 Series Concentrator
Workaround:
– Use a PAT device that maps each additional simultaneous session to use unique UDP source ports.
– Connect to different destination Concentrators from behind the PAT device for additional users.
– Use IPSEC over TCP (cTCP) or IPSEC over UDP with NAT-T instead of simple IPSEC over UDP. In order to use either option, the feature needs to be enabled on the concentrator side. NAT-T and cTCP are available in 3.6(1) and later of the VPN Client and VPN 3000 Concentrator code.
• CSCdv26372
If the phase 2 SA has a lifetime set to 60 - 119 seconds, the VPN Client connection is automatically
disconnected. A phase 2 SA with a lifetime of 120 seconds or higher rekeys properly. This is an issue in
the software client. LAN-to-LAN connections and hardware clients work fine.
• CSCdw36613
In some cases, the Zone Labs Integrity Agent may not properly update on the Windows NT version
4.0 operating system when a policy is changed and redeployed while the VPN Client connection is
up. Specifically, if you select “Block Internet Servers” under the Firewall Security Rules in
the Policy and then deploy that new policy, a PC running Windows NT version 4.0 receives the
updated policy, but it might not put the “Block Internet Servers” setting of that policy into effect.
Workaround:
Reboot the operating system.
• CSCdx41742
You cannot reserve group bandwidth based on a percentage.
• CSCdx47596
Due to a Microsoft bug, Windows XP PCs are not capable of receiving a large number of Classless
Static Routes (CSR). The VPN 3000 Concentrator limits the number of CSRs that are inserted into
a DHCP INFORM message response when configured to do so.
The VPN 3000 Concentrator limits the number of routes to 28-42, depending on the class.
• CSCdx89348
The Concentrator may display the following events during a VPN Client connection. These events
were found to be due to the client being behind a Linksys Cable/DSL router that was incorrectly
modifying the Client’s packets, causing them to fail authentication when received by the VPN
Concentrator. The problem is more prominent if LZS compression is used.
Events:
131500 06/20/2002 17:08:34.300 SEV=4 IPSEC/4 RPT=4632
IPSec ESP Tunnel Inb: Packet authentication failed, username: gray, SPI:
4e01db67, Seq Num: 0000850f. Dump of failed hash follows.
Linksys has been notified about the problem.
Workaround:
Although no workaround currently exists, disabling LZS compression on the Concentrator helps
reduce the number of events. To disable LZS compression on the Concentrator, set the “IPComp”
setting on the IPSec tab of the group configuration to “none”.
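
An added example (not part of the Cisco release note): a Python parser for events in the layout shown above that counts ESP authentication failures per username and SPI, so event volume can be compared before and after changing the “IPComp” setting. The first sample event is the one from the note; the other events and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Header layout as in the event above: <seq> <date> <time> SEV=<n> <CLASS>/<id> RPT=<n>
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"SEV=(?P<sev>\d+) (?P<cls>\w+)/(?P<num>\d+) RPT=(?P<rpt>\d+)$")
AUTH_FAIL = re.compile(
    r"Packet authentication failed, username: (?P<user>[^,\s]+), "
    r"SPI: (?P<spi>[0-9a-fA-F]+), Seq Num: (?P<seqnum>[0-9a-fA-F]+)")

def parse_events(text):
    """Attach wrapped message lines to the header line that precedes them."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append(dict(m.groupdict(), message=""))
        elif line and events:
            events[-1]["message"] = (events[-1]["message"] + " " + line).strip()
    return events

def esp_auth_failures(events):
    """Return one record per IPSEC event reporting a failed ESP packet hash."""
    found = []
    for ev in events:
        m = AUTH_FAIL.search(ev["message"]) if ev["cls"] == "IPSEC" else None
        if m:
            when = datetime.strptime(ev["date"] + " " + ev["time"], "%m/%d/%Y %H:%M:%S.%f")
            found.append({"when": when, "user": m["user"], "spi": m["spi"].lower(),
                          "seq_num": int(m["seqnum"], 16)})
    return found

def failures_per_tunnel(failures):
    """Count failures per (username, SPI) so one noisy client stands out."""
    return Counter((f["user"], f["spi"]) for f in failures)

# First event is the one from the release note; the other two are constructed.
SAMPLE = """\
131500 06/20/2002 17:08:34.300 SEV=4 IPSEC/4 RPT=4632
IPSec ESP Tunnel Inb: Packet authentication failed, username: gray, SPI:
4e01db67, Seq Num: 0000850f. Dump of failed hash follows.
131501 06/20/2002 17:08:35.110 SEV=4 IPSEC/4 RPT=4633
IPSec ESP Tunnel Inb: Packet authentication failed, username: gray, SPI:
4e01db67, Seq Num: 00008512. Dump of failed hash follows.
131502 06/20/2002 17:08:36.020 SEV=5 EXAMPLE/1 RPT=1
Constructed unrelated event that must not be counted.
"""
```

Calling `failures_per_tunnel(esp_auth_failures(parse_events(log_text)))` on a saved event log gives the per-tunnel counts.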