Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.7.A
In Configuration | User Management | Groups | Authentication Servers, “Retries” must be set to zero
for the problem to occur.
The problem has been reported in Releases 3.5.5, 3.6.2 and 3.6.4 so far. The problem is confirmed
NOT to be present in Release 3.5.2.
When the Concentrator has not yet received the Node Secret from the ACE, it also fails to install it.
On the ACE though, you see the messages “Passcode Accepted” and “Node Secret Sent” to the
Concentrator.
• CSCdz25612
When a default gateway is configured, the XML export outputs a “dummy” <Route> record with
ip/netmask = “0.0.0.0”. This issue occurs when using VPNSC download console to download
configuration to the VPN 3000 Concentrator.
• CSCdz25627
The VPN 3000 Concentrator does not take an empty string for the shared secret. This issue occurs
when downloading a full configuration to the device.
• CSCdz31629
LAN-to-LAN tunnels fail with Null encryption after having tunnelled with AES. LAN-to-LAN,
which attempts to negotiate P1 = RSA Cert - SHA1 - AES256, P2 = MD5 - Null or SHA1 - Null,
cannot be brought up. This happens only after a previous tunnel has come and gone, using AES.
• CSCdz34486
During connection establishment, the VPN Concentrator received a framed IP netmask that was not
consistent with the address pool defined on the VPN Concentrator. User authentication was via
RADIUS, with address assignment being done via internal local pools. The netmask received from
RADIUS is being acted upon and used in the computation for determining valid addresses to be
issued from the local pool. When the broadcast address, based on the received netmask, was to be
issued to an incoming client connection, the connection was rejected.
• CSCdz38146
The VPN30xx Concentrator tries to interpret ISAKMP/IPSec packets that arrive on the Public
interface even if those packets are not specifically destined for it. This occurs only when trying to
build a new tunnel over an existing tunnel built with VPN30xx's.
• CSCdz43263
The Group Delimiter feature is currently not working with a software VPN client. The groupname
is not stripped off and the Concentrator tries to authenticate UsernameDelimiterGroupname instead
of just Username.
• CSCdz43286
You cannot use the HTML interface to set the IPSec Encryption to Null on the SA configuration
page.
If you set it to Null, then click Apply, it reverts to the previous value.
You can set it to Null using the console CLI interface. It then appears on the web page as Null.
• CSCdz57202
HTTP data does not cause a VPN 3002 Hardware Client to initiate a tunnel if cTCP is enabled.
ICMP (ping) data does, however, cause the VPN 3002 to initiate the tunnel.
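
The netmask interaction described in CSCdz34486 can be checked offline before pairing a RADIUS profile with a local pool. The Python sketch below is an added example, not Cisco code: given a pool range and the netmask RADIUS returns, it lists the pool addresses that become broadcast addresses under that mask, which are the assignments that would be rejected. The function name and the sample pool values are assumptions made for illustration.

```python
import ipaddress


def broadcast_addresses_in_pool(pool_start, pool_end, framed_netmask):
    """Return the pool addresses that are subnet broadcast addresses
    when interpreted with the netmask received from RADIUS."""
    start = int(ipaddress.IPv4Address(pool_start))
    end = int(ipaddress.IPv4Address(pool_end))
    if end < start:
        raise ValueError("pool end precedes pool start")

    # IPv4Network validates the mask (raises ValueError if non-contiguous).
    mask = int(ipaddress.IPv4Network(f"0.0.0.0/{framed_netmask}").netmask)
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits <= 1:
        # /31 and /32 have no distinct broadcast address.
        return []

    hits = []
    subnet = start & mask          # first subnet touching the pool
    while subnet <= end:
        broadcast = subnet | host_bits
        if start <= broadcast <= end:
            hits.append(str(ipaddress.IPv4Address(broadcast)))
        subnet += host_bits + 1    # step to the next subnet boundary
    return hits


if __name__ == "__main__":
    # Constructed sample: a pool sized for a /23, with RADIUS returning a /24.
    pool = ("10.10.0.1", "10.10.1.254")
    for mask in ("255.255.254.0", "255.255.255.0"):
        print(mask, broadcast_addresses_in_pool(*pool, mask))
```

An empty result means the returned netmask is consistent with the pool; any listed address is one where a client connection would be refused on the affected releases.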