Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
21222324252627282930
21
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Open Caveats for VPN 3000 Series Concentrator
CSCea48668
A VPN 3060 Concentrator running software Release 3.6(7)Rel:
failed with Exception Type: 0x00000300/DSI.
The Concentrator recovered itself after a while with no intervention.
CSCea50566
You can access the web admin GUI interface using a MAC OSX machine running IE 5.5 with all
updates and java installed. You can get around and configure the device as usual; however, when you
click on the live event log link from the left-hand menu options | Monitoring | Filterable Event Log
| Live Event Log, the following error appears:
java.lang.ClassNotFoundException eventlog.class
CSCea51198
The VPN Client can connect to the VPN 3005 Concentrator, but cannot reach to a network when the
packet matches “tunnel default gateway” route. But when the packet matches “static” route, the VPN
Client can reach to the network.
CSCea52841
When applying a filter to a vpn group the filter settings don't apply to users of this group when
connected.
Workaround:
Apply the filter to the individual user.
CSCea55221
A VPN3005 fails frequently.
CSCea64917
A VPN 3000 Concentrator running Release 3.6.7.C fails to generate a full XML file if the
Concentrator has more than 15 LAN-to-LAN tunnels configured.
CSCea65125
Network Autodiscovery does not work if the VPN 3000 Concentrator is behind a NAT device and
the NAT-T feature is in place.
Workaround:
On the VPN 3000 Concentrator behind the NAT device, do the following steps:
Step 1 Modify filter rules created for public-to-public. Replace the local address with the NATed address
Step 2 Enable L2L-NAT
Step 3 Add static L2L NAT entry: public/0.0.0.0:NAT/0.0.0.0->peer/0.0.0.0,
where 'public' is public IP of the Concentrator behind NAT device, 'NAT' is the public address of the
NAT device and 'peer' is the public address of the remote Concentrator.
Explanation of Workaround:
Step 1 updates the filter rules that are used to establish the Public-To-Public IPSec SA. The
addressing in the rules must be consistent on each side of the tunnel.