Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
31323334353637383940
31
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.7.A
To help troubleshoot Kerberos authentication problems, enable AUTHDECODE up to SEV=10, and
you also see this Event:
117 02/25/2003 08:08:06.690 SEV=10 AUTHDECODE/43 RPT=8906
Kerberos: Error type: Client not found in Kerberos DB
Caveats Resolved in Release 3.6.7.A
Release 3.6.7.A resolves the following issues:
CSCdy09630
The description of the IPSec Backup Servers feature in the VPN 3000 Concentrator Series
Reference documentation indicates that it applies only to the VPN3002 Hardware Client. The
feature now applies to the Software Client as well. For information about this feature and how to
configure it, on the VPN Concentrator, see VPN Client Administrator Guide, Chapter 1. For
information about how to configure Backup Servers in the VPN Client, see VPN Client User Guide.
CSCdy12056
If a LAN-to-LAN tunnel between a VPN 3000 Concentrator and an IOS device is misconfigured and
repeatedly fails to establish, then the VPN 3000 Concentrator could enter a state where a reboot is
required.
One way to encounter this problem is to try to set up IOS to handle both LAN-to-LAN tunnels and
Remote Access tunnels on the same interface, without breaking the IOS interface into V-LANs. This
is a misconfiguration and is not supported by IOS, and it can lead to problems with the VPN 3000
Concentrator.
This configuration is not supported because IOS does not allow the same crypto map to be used to
terminate both LAN-to-LAN tunnels and Remote Access tunnels. In addition, IOS only allows one
crypto map to be applied per interface.
Consequently, if both types of tunnels must be terminated on a single physical interface, that
interface must be broken out into V-LANs. Dividing the physical interface in this way enables a
different crypto map to be applied to each virtual interface. This in turn enables both types of tunnels
to be terminated on the same physical interface while maintaining a valid configuration.
CSCdy26296
When viewing bandwidth management statistics via the CLI, with Bandwidth Management enabled
and multiple users connected, all user sessions scroll through on the screen without the user being
prompted to press space to continue or Q to quit.
CSCdy28464
Documentation for the Bandwidth Management feature in Release 3.6.1 refers to a configuration
option in which bandwidth aggregation is automatically applied to a LAN-to-LAN connection when
a bandwidth reservation policy is applied to a LAN-to-LAN connection. This feature is not available
in Release 3.6.1.
To ensure that bandwidth is always available for a LAN-to-LAN connection via the HTML interface,
navigate to Configuration | User Management | Groups. Highlight the LAN-to-LAN group, and
select the Assign Bandwidth Policies button. Select the public interface, and next to the Bandwidth
Aggregation parameter, enter the amount of bandwidth to reserve from the total available bandwidth
for this connection.
If bandwidth aggregation is not set for a LAN-to-LAN connection, a situation might occur where
there is not enough bandwidth available for the tunnel to be established.