Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6 Through 3.6.8.B
OL-5637-02
Caveats Resolved in Release 3.6.3
CSCdy35638
IP Phone_a is talking to IP Phone_b. When IP Phone_a mutes the conversation, it stops transmitting
packets as the codec goes into receive-only mode. IP Phone_b continues to transmit to IP Phone_a.
However, after 5 seconds, IP Phone_b can no longer be heard at IP Phone_a, because the PIX
firewall has stopped transmitting packets from the outside to inside interface, and this was caused
by the TCP windows being exceeded.
CSCdy36342
The range displayed in the error message for IPSec SA Lifetime Time is wrong. It displays “IPSec
Time Lifetime out of range. (10 - 2147483647).”
The range should be “IPSec Time Lifetime out of range. (60 - 2147483647).” It was displaying
the Lifetime KB range.
CSCdy36609
IKE rekey may fail if IKE rekey is set to 60 seconds.
CSCdy37701
In very rare situations, when connecting via an HTTP or HTTPS (SSL) management session, LAN to
LAN sessions and Remote Access Sessions are not displayed under Administration | Administer
Sessions and/or Monitoring | Sessions. This appears to happen for sessions with SINGLE QUOTES
(') in the name.
Telnet, SSH, or console connections successfully display the remote access and LAN to LAN
sessions. Remove the SINGLE QUOTE (') from the site name.
CSCdy37743
With the Mac OS X IE browser, when looking at logged in users under the session management
screen, 127.255.255.255 is seen instead of the correct IP address in some cases.
CSCdy38726
VPN Hardware Client 3002 with version 3.6 does not negotiate the correct MRU that is configured
in the interface configuration. It always tries to adjust the MRU to 1492.
CSCdy38856
When a VPN 3002 is placed behind a PIX firewall with IPSec over TCP connection to a VPN 3000
Concentrator, we cannot bring the connection up once the VPN 3002 is rebooted.
This occurs because the PIX firewall has an active TCP connection which was never reset; when the
3002 comes up it uses the same source and destination port number to make the new connection.
The sequence number for the packets does not match the previously active connection, and PIX
drops the packets. To avoid this issue, clear the connection on the PIX using the clear xlate
command.
CSCdy39675
When users try to enroll a VPN 3000 Concentrator or VPN 3002 Hardware Client to a Verisign
Onsite CA using a file-based method, the Verisign enrollment application complains about the
PKCS10 request generated by the VPN 3000 concentrator (the error ID on Verisign enrollment page
is 105).
The issue is reported only in versions 3.5.4 and 3.6. Downgrading the VPN 3000 Concentrator or
VPN 3002 Hardware Client to a version earlier than 3.5.4 and enrolling to the CA works fine. After
the enrollment, the VPN concentrators can then be upgraded to a higher version if needed.