Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.3
• CSCdx74374
Release 3.5.2/3.5.3 of the VPN 3000 Concentrator does not work with the NETWARE DHCP server.
In 3.5.x, when the VPN 3000 Concentrator receives the same IP address from the DHCP server, it
never sends the reject; it just fails the connection. On the other hand, in Release 3.02, when the VPN
3000 Concentrator receives the same IP for the second client, it sends a reject to the DHCP server
and successfully retrieves a second, unique IP address.
• CSCdy09539
When obtaining an IP address and DNS server attributes via PPPoE, the VPN 3002 might fail to
resolve DNS host names, causing the VPN 3002 PING utility to fail, and IPSec VPN tunnels to fail
to negotiate.
• CSCdy15762
A view-only administrator session can lock the configuration on a VPN 3000 Concentrator, not
allowing an administrator with authority to make a change for a certain time period. To avoid this
issue, reboot the VPN 3000 Concentrator or locate the view-only session and log it off.
• CSCdy18819
Maximum connect timeout value does not work.
After setting the maximum connect timeout value to 6 hours, the VPN Client connections do not
terminate. They are seen to be live for more than 6 hours.
The maximum connect timeout applies only to each SA. This leads to the issue where SAs started
at different times (for example, during split-tunneling) would prevent the connection from
terminating. The connection terminates only when the last SA is torn down.
The code has been adjusted to reduce an SA's lifetime by the current uptime for the connection, so
no new SAs are permitted after max connect is exceeded. This causes all SAs to expire at max
connect.
• CSCdy26332
The VPN 3002 might ignore some Cisco Discovery Protocol (CDP) messages because of checksum
errors. The VPN 3002 uses the CDP messages to detect IP Phones on its private network.
This occurs because of an error in the checksum algorithm in the CDP packet with respect to odd
length packets.
The error checksum algorithm is now part of the standard, so the VPN 3002 should be updated to
this algorithm.
• CSCdy26579
An HTTP 401 Unauthorized error appears on the console when trying to access the VPN 3000
Concentrator through a web browser using admin access, even when administrative rights are given
to the admin user.
The two events HTTP/9 and HTTP/10 might appear when a user connects to the login page. These
are not errors but HTTP status information. As a result, their severity will be lowered from
warning(3) to informational(5).
• CSCdy29543
Automatic backup of log files through FTP is failing to a 3COM FTP/TFTP server. The resolution
for caveat CSCdy20464 did not solve the problem. Customer is using 3COM 3CDAEMON version
2.0 release 10 and the FTP server is still rejecting the binary command.
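
The SA lifetime adjustment described under CSCdy18819 above, as an added example that is not part of the release notes and not Cisco's code: a simplified Python model comparing the per-SA timeout with the uptime-reduced lifetime. The function names and the sample SA start times are constructed for illustration, and each start time is assumed to be a negotiation attempt on the same connection.

```python
# Simplified model of the CSCdy18819 description (added illustration,
# hypothetical names; not the concentrator's implementation).
from typing import List, Optional, Tuple

HOUR = 3600  # seconds


def sa_lifetime(max_connect: int, uptime: int, fixed: bool) -> Optional[int]:
    """Lifetime in seconds granted to an SA negotiated `uptime` seconds
    into the connection, or None if the SA is refused."""
    if not fixed:
        # Before the fix: the maximum connect timeout applies to each SA
        # on its own, regardless of how long the connection has been up.
        return max_connect
    # After the fix: the lifetime is reduced by the connection uptime, and
    # no new SA is permitted once max connect is exceeded.
    remaining = max_connect - uptime
    return remaining if remaining > 0 else None


def connection_end(max_connect: int, sa_starts: List[int],
                   fixed: bool) -> Tuple[int, List[int]]:
    """Return (time the connection terminates, start times of refused SAs).
    The connection terminates only when its last SA is torn down."""
    expiries: List[int] = []
    refused: List[int] = []
    for start in sorted(sa_starts):
        life = sa_lifetime(max_connect, start, fixed)
        if life is None:
            refused.append(start)
        else:
            expiries.append(start + life)
    return max(expiries, default=0), refused


# Constructed sample: SAs negotiated at 0 h, 2 h, 5 h and 7 h (for example,
# split-tunneling SAs brought up at different times), 6-hour max connect.
SAMPLE_STARTS = [0, 2 * HOUR, 5 * HOUR, 7 * HOUR]

if __name__ == "__main__":
    for fixed in (False, True):
        end, refused = connection_end(6 * HOUR, SAMPLE_STARTS, fixed)
        print(f"fixed={fixed}: ends at {end / HOUR:.0f} h, "
              f"refused SA starts (h): {[r / HOUR for r in refused]}")
```

With the per-SA timeout the modelled connection outlives the configured 6 hours because each later SA extends it; with the adjusted lifetime every SA expires at the 6-hour mark.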