Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipment3005 - VPN Concentrator - Gateway
31323334353637383940
38
Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.3
CSCdy40109
When a VPN Client (version 3.6) connects to a VPN 3000 Concentrator (running 3.6 code as well),
using Entrust Entelligence (version 6.0) certificates, the username is not displayed under
Administration | Administer Sessions and/or Monitoring | Sessions.
This behavior occurs only when using a certificate serial number with a name in the CN field. For
example, CN=First Lastname + serial number...
If the CN field includes only the Name (without a serial number), the username is displayed
correctly under Administration | Administer Sessions and/or Monitoring | Sessions.
CSCdy74304
Rare, intermittent VPN 3000 Concentrator failures without any patterns occur during IKE
negotiation.
CSCdy88797
After upgrading VPN3000 Concentrator to release 3.6.3, tunnels do not negotiate to AES.
CSCdy80300
VPN Client logon to a VPN 3000 Concentrator running Release 3.6.1, using RADIUS for
authentication, fails when the VPN 3000 Concentrator assigns the IP address, and the RADIUS
server passes back a Framed-IP-Netmask of 255.255.255.255. The error message is:
“Bad refCnt (1) or invalid assigned ip address received (x.x.x.x).
Hardware clients are able to connect. Local authentication works.
All address allocation is via static pools configured for each group, no addressing comes from the
RADIUS server. Under 3.6.x, the user is phase2 authenticated, but then authentication fails.
CSCdy87378
Cisco VPN 3000 Concentrator can not connect with some third-party devices; for example:
Furukawa Denko FITELnet-F40. The VPN 3000 Concentrator required that the third Aggressive
mode packet be encrypted. In versions prior to 3.6.Rel, this was not required. The VPN 3000
Concentrator now accepts the third Aggressive mode packet, either encrypted or unencrypted.
Caveats Resolved in Release 3.6.3
Release 3.6.3 resolves the following issues:
CSCdu74128
SNMPv2 traps miss the standard snmpTrapOID.0 object.
CSCdv89254
The VPN Client might fail to connect to a load-balanced VPN 3000 Concentrator if it receives
out-of-order packets from the VPN 3000 Concentrator.
CSCdx12383
With local authentication or split-tunneling enabled, a VPN 3002 stops passing voice traffic after
about 9-15 hours of normal operation. All other traffic passes through without a problem.
CSCdx67737
In VPN 3000 Concentrator software, v3.5, the word “VPN” can not be used as group name. The
tunnel fails to establish. There is no such problem in the v3.0 software. Any other name, even one
using “Vpn” or a similar upper/lower case variant works.