Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
21222324252627282930
30
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.7.B
CSCdz83301
If a simple password is configured under the OSPF tab in any of the interface configuration pages,
the deleted entry reappears, even after deleting the password, selecting none for OSPF
authentication, and clicking apply.
CSCdz84481
When a user fails authentication due to a restriction placed on the account at the Active Directory
server, the Concentrator Events do not display the reason for the failure. Some restrictions on the
account could be Account Expired, Account Disabled, Account Locked-Out, Not within Logon
Hours and Password Change required. For most of these restrictions you will see the following
Events:
124 01/20/2003 11:12:55.590 SEV=10 AUTHDECODE/43 RPT=4
Kerberos: Error type: Client's creds have been revoked
130 01/20/2003 11:12:55.590 SEV=4 AUTH/9 RPT=9 70.139.1.5
Authentication failed: Reason = Invalid response received from server handle = 196, server =
198.133.219.25, user = myuser
CSCdz87573
When a LAN-to-LAN connection is added and the “Create Network List” feature is used, then the
routing table fails to get populated with the remote list entries, as it should when Reverse Route
Injection (RRI) is enabled.
If the network lists are constructed first, then the LAN-to-LAN is constructed via the wizard using
these lists, then when RRI is applied to the LAN-to-LAN, all entries show up as they should.
CSCea02277
When the customer, using VPN3030 with 3.6.5 software, assigns IP addresses, the addresses are
allocated on a group basis under the Configuration | User Management | Groups | “hilite the group”
Modify Address Pool option. When an entry is deleted from the list, multiple entries are deleted. If
you try to enter the second erroneously deleted entry, the VPN Concentrator complains that the
network exists in the lists. Rebooting does not solve the problem.
CSCea02294
When receiving IKE packets with missing payload(s), events currently only state that the packet had
invalid payload(s).
CSCea07383
When using split tunneling and routing large frames in-the-clear through the public interface over
PPPoE, frames that require fragmentation due to the additional 8 bytes for PPPoE overhead will be
dropped. This problem seems to affect only PPPoE connections.
CSCea25668
Statically assigned filters take precedence over dynamically assigned filters. It should be the other
way around.
CSCea28425
Using Kerberos authentication, if you attempt a VPN Client connection and type the username
incorrectly or enter an unknown username, the Client simply disconnects and the Concentrator
Event Log shows:
122 02/25/2003 08:08:06.690 SEV=4 AUTH/9 RPT=1 192.168.1.24
Authentication failed: Reason = Invalid response received from server handle = 19, server =
10.10.0.10, user = IsThisUserHere