sa3450 and sa3000 Series VPN Manager - Release 6.8.2 Release Notes

Release 6.8.2 Release Notes

tunnel and change the AH Key, although the Key data does

match the profile key length, the following message

appears:

Key data does not match profile key length

SAs Defined for Site-to-Site Tunnels Can

Have Invalid Profiles

Reference Number 850DF and 851

In Release 6.8.2, Security Associations (SAs) defined for

Site-to-Site Tunnels can have invalid profiles. For example,

if you open a device configuration from the VPN Manager,

add a site-to-site tunnel using an ESP v2 (IKE) Security

Profile, right click the tunnel to add an SA, and select an

ESP v1 Security Profile the following message correctly

appears:

Encryptor profile and SA profile do not match

However, if you now select an L2TP Over IPSec security

profile, you are erroneously allowed to use it. Similarly, if

you choose an ESP v2 (Man) Tunnel, you are allowed to

choose an ESP v 1 SA and if you choose an L2TP tunnel,

you are allowed to choose an ESP v2 (IKE) SA.

Similarly, if you create a site-to-site tunnel using an ESP v2

(IKE) security profile, then you add an SA using this

security profile, then you drag and drop the SA from the

manual tunnel to the IKE tunnel, the following message

appears:

Paste of item "SA1" failed

Encryptor Profile and SA profile types do not

match

The Larger the Client-IP Count, the

Longer the Wait

Reference Number 852DF

In Release 6.8.2, if you define a static Client-IP with a large

count for a Remote Group tunnel, the VPN Manager takes

a long time to process your definition.

The delay begins to appear at counts of about 5,000, and

increases as you increase the count. Once you click OK, a

count of 10,000 can take up to two minutes to process