System information

Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B

OL-5637-02

Caveats Resolved in Release 3.6.7.H

Release 3.6.7.H resolves the following issues:

• CSCdz17373

A customer is connecting from a 3002 hardware client configured as a PPPoE client to a VPN 3000

Concentrator using an Internet Service Provider. According to the customer, this configuration was

working fine until recently when ISP made a change on their side to use PAP instead of MS-CHAP

v1 for PPPoE authentication. The customer sees same behavior whether they use 3.6.3, 3.6.1 or

3.5.5.

• CSCeb18649

VPN Client can't connect using cTCP to the virtual address in the VPN 3000 Series Concentrator

using load balancing following a reboot. This issue occurs only in Releases 3.6.7.F, 3.6.7.G,

4.0.1.Rel and 4.0.1.A

• CSCeb22460

VRRP and IPSec over TCP might not work in Releases 3.6.7.F and 4.0.1., but they work in release

3.6.3.

Caveats Resolved in Release 3.6.7.G

Release 3.6.7.G resolves the following issues:

• CSCea50428

A VPN 3000 Concentrator might leak message buffers under the following conditions. This could

prevent new connections and possibly cause the device to fail.

Conditions:

–

DHCP relay is configured.

–

The external interface is used as the public interface.

–

Routing from the DHCP server to the Concentrator's external interface is not through the

Concentrator's private interface (that is, the Concentrator is not the default gateway).

• CSCea81010

When using multiple static CRL servers, if the first server fails without being taken off-line, the

subsequent searches also fail.

• CSCea83433

With authentication set to Radius with Expiry, the user is prompted for username, password and

domain name when connecting. The ACS authentication report shows “domain\username”, but the

ACS accounting report page shows only the “username”.

• CSCea91878

The VPN 3000 Concentrator, Releases 3.6.7C, 3.6.7D, and 4.0, sends VRRP messages on the public

interface after system shutdown.