Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
• CSCea37929
When using Unit Authentication for 3002s connecting into a Load Balancing Cluster, the connection
will fail. Connecting to the individual concentrators within the cluster functions properly. This
problem only occurs when connecting to the cluster address.
• CSCea37992
The VPN 3002 cannot establish an IKE tunnel to a central-site PIX.
• CSCea39673
An incorrect port number is displayed via CLI for VPN 3002 NAT-T connections.
• CSCea42622
On the VPN Concentrator’s group configuration for the VPN 3002, if you have AES-256 and PFS
Group 2 configured in the IPSec SA and the 3002 is using NAT-T, Phase 2 fails to negotiate, and
the tunnel never comes up.
• CSCea44988
When group lookup is enabled and the user enters username<delimiter>group, the group is not
stripped off the username before sending it to the accounting server.
For example, “User#MyGroup” would be sent to the accounting server instead of just “User”.
• CSCea45176
A VPN 3002 Hardware Client fails to pass data across a cTCP tunnel for one-way streams. This
problem occurred because of a TCP windowing issue. The TCP ACKs piggy-back on the ESP data
packets. Since data was only going one way, the TCP ACKs were not being sent. This caused the VPN
3002 Hardware Client to drop new packets (including Dead Peer Detection), and the connection
would terminate.
The peer sends a gratuitous ACK for every 8K of data received. This ACK was getting processed
but did not adjust the window. This problem was introduced in Release 3.6.7.B when exceeding
window size prevention was added.
• CSCea45961
The password for the Accounting server will reset when you modify the server data but not the
password field. This happens when you select Modify Accounting Server and press Apply (without
changing any fields).
Caveats Resolved in Release 3.6.7.B
Release 3.6.7.B resolves the following issues:
• CSCdz01769
OSPF updates are not populating the routing table on the VPN Concentrator.
• CSCdz48332
If you add and delete filters through the GUI (Configuration | System | Policy Management
| Traffic Management | Filters), there is a very small memory leak for each filter created and deleted.
• CSCdz80292
If the 3002's configuration is changed from DHCP to PPPoE, and the PPPoE username or password
is configured incorrectly, after 3 attempts to contact the PPPoE Access Server the 3002 will reboot.