Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
21222324252627282930
28
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.7.C
CSCdz72398
Even when the master Concentrator is shutdown, VRRP messages are still sent out. As a result, the
backup Concentrator never assumes the master role.
CSCdz78203
The following code Assertion might occur on a system using the SEP-E as tunnels are connecting
and disconnecting.
Assertion: “sa->refCnt >= 0” failed, in file fsmact.c, line 4462
CSCdz82620
Cisco 501 with Individual User Authentication to Cisco ACS fails. The log message on the VPN
3005 Concentrator is:
56 01/16/2003 18:55:24.480 SEV=4 AUTH/9 RPT=52
Authentication failed: Reason = No active server found
handle = 232, server = (none), user = user
CSCea00667
The VPN 3000 Concentrator might fail if you are viewing bandwidth management statistics from
the HTML management interface.
CSCea11996
If RRI (Client and/or Net extension mode) is enabled or disabled in configuration/system/ip
routing/reverse route injection, and generate hold down routes is clicked before apply, the
enable/disable changes that were made fail to survive. The changes revert back to what they were
set to when you entered the page as soon as gen hold down routes is clicked. If you are observing
closely, you may realize that your settings were blown away, before clicking apply. Otherwise, you
may be confused as to why the routes are not showing up in the routing table.
CSCea12413
A problem can occur with a VPN 3000 Series Concentrator that is authenticating against a Windows
2000 server via RADIUS w/ Expiry option. If a user's password expires, the Cisco Client prompts
user for change of password. If the new password meets password requirements, then the rest goes
well. If not, then subsequent attempts also fail.
CSCea12933
This happens only in Release 3.6.1, but not in 3.0.3, which has also been tested. Release 3.6.1 also
works correctly if @ is used as group delimiter.
If Group Delimiter is selected; for example, #, the external authentication request is sent with the
whole UsernameDelimiterGroupname instead the Username only.
This means no strip-off from Group Delimiter for external authentication. The authentication fails
because the Authentication server authenticates based on Username. For example:
user: Cisco
group: Test
Group Delimiter: #
UsernameDelimiterGroupname: Cisco#Test
This means that the VPN 3000 Concentrator sends Cisco#Test to the Authentication server instead
of Cisco.
CSCea19992
Under Monitoring | Statistics | Authentication, the Requests column never gets updated and shows
0. The Accept, Reject columns counter get updated properly.