Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
21222324252627282930
22
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Open Caveats for VPN 3000 Series Concentrator
This tunnel is used to sent the autodiscovered networks (via RIP). Steps 2 and 3 tell the Concentrator
to NAT packets (to the NAT device's public interface) between the peer's public to its public. This
is necessary because the peer directs its RIP packets to what the peer believes to be its peer (the NAT
device).
Since the filter rule was modified, the NATed Concentrator needs to NAT its RIP packet to match
the modified filter rule.
CSCea68888
The VPN Concentrator is not accepting client connections.
After re-booting the VPN 3000 Concentrator, it accepts client connections for some time, then stops
accepting client connections.
Workaround:
Re-boot the VPN concentrator.
CSCea70412
You cannot use Split Tunnel with ICF on Windows XP. Microsoft does not allow adding an
appropriate filter rule to allow the specific ports needed to use for VPN Client communications.
CSCea74611
The VPN 3000 Series Concentrator mibs are improperly posted and do not conform to Cisco
standards.
CSCea79588
With Cisco Integrated Client Firewall and CPP, when you define (on the Concentrator) a filter with
“Default Action” set to “Drop & Log”, the policy looks good on the VPN Client “Firewall” tab, but
the default action (drop) is not correctly enforced.
Workaround:
Choose “drop” as the default action.
CSCea81088
Using VPN 3000 Concentrator software Release 3.6.5 or 3.6.7.A, a CRL check fails if the received
CRL is empty.
CSCeb06719
A VPN 3030 Concentrator froze when telnetting on it. Then it rebooted.
CSCeb06896
The circumstances initiating this set of failures are unclear and at this point unreproducible. The
customer network had been running for some time without incident. Suddenly, the system crashed
several times within a few days. The initial failure occurred when running Release 3.6.7.A, but
upgrading to Release 3.6.7.D made no improvements. The customer environment requires tunnels
to be terminate on all three interfaces. At some point IPSec compression was enabled for all groups.
It's unclear whether this configuration change was made at the time of the crashes. It is clear that
disabling IPSec compression restored stability in the customer network.
CSCeb07283
A VPN 3000 Concentrator using EAP-TLS and L2TP compression stops encrypting traffic after 2-3
hours, connection stays up.
The user can connect to the VPN 3000 Concentrator (running Release 3.6.7.Rel) without any
problem, using L2TP over IPSec /w EAP-TLS authentication, but after 2-3 hours of traffic passage,
the VPN 3000 Concentrator stops encrypting traffic, but doesn't drop the connection.