CCO March 19, 2002
Note: You can find the most current documentation for Cisco VPN 3000 products on CCO. These electronic documents might contain updates and changes made after the hard copy documents were printed.
These release notes are for the Cisco VPN 3000 Series Concentrator FIPS Release, which is based on Release 3.1.3 software. They describe limitations and restrictions, caveats, and related documentation. Read these release notes carefully before installation.
These release notes supplement the Security Policy document and describe the following topics:
Caveats for VPN 3000 Series Concentrator, FIPS Release 3.1.3
Obtaining Technical Assistance
This section describes the system requirements for the FIPS release.
The Cisco VPN 3000 Series Concentrator FIPS software release supports the following hardware platforms:
The FIPS Release contains two binary files, one for each of two platforms:
vpn3000 - supports the VPN Concentrator 3015 through 3080 platforms.
vpn3005 - supports the VPN Concentrator 3005 platform only.
This section lists the issues you should know about before installing this release of the VPN 3000 series products.
The online documentation might not be accessible when using Internet Explorer with Adobe Acrobat Version 3.0.1. To resolve this issue, upgrade to Acrobat 4.0, which is available at the Adobe web site: http://www.adobe.com.
The following versions of Netscape and Internet Explorer are the required versions for FIPS:
This section describes known issues associated with specific PKI vendors and browsers. We list them to assist you in setting up the VPN Concentrator. For a complete list of supported certificate authorities (CAs), see the VPN 3000 Series Concentrator Getting Started manual.
To use the Entrust PKI, you must use the Entrust VPN Connector to enroll the VPN Concentrator and the Entrust Web connector to enroll the web browsers. If you are setting up the Entrust directory server and you want to implement CRL checking, use the binary option, not the ASCII option. Cisco Systems does not support ASCII format for CRLs. If you have already set up the Entrust PKI to use ASCII, contact Entrust Technologies for help in converting to binary. Entrust can provide a step-by-step procedure to help you make this change easily.
If using Baltimore Technologies for remote access, we recommend using UniCERT PKI Version 3.0.5 or later.
The VPN Concentrator supports Verisign certificates. By default, Verisign posts its CRL in HTTP format. For the VPN Concentrator to retrieve the CRL, it must be posted on an LDAP server.
Cisco Systems supports an 8-character maximum in specifying a password for OSPF authentication (Configuration | Interfaces | Ethernet 1 2 3 OSPF tab).
When a Cisco Catalyst switch uses Spanning-Tree Protocol (STP), the inherent delays with STP cause a delay in recognizing that a backup VPN Concentrator has taken over as the master in a VRRP scenario.
To reduce this delay to 15 seconds, you can enable Portfast on switches that use STP. To configure Portfast on Cisco switches, refer to the document: http://www.cisco.com/warp/customer/473/12.htm.
Be aware that there is no way to recover your system if you forget the Administrator password. Take appropriate measures to safeguard your password and remember it. If you forget the Administrator password, you cannot log in to your system and you will have to return the VPN Concentrator to be recovered.
Caveats describe unexpected behavior or defects in Cisco software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
Note: If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. To reach Bug Navigator II on CCO, select Software & Support: Online Technical Support: Software Bug Toolkit or navigate to http://www.cisco.com/support/bugtools.
The following problems exist with the VPN 3000 Series Concentrator, FIPS Release 3.1.3.
The Cisco VPN 3000 Series Concentrator documentation set has not been revised for this release. However, the standard documentation is available online through Cisco Connection Online (CCO).
Many differences exist between the FIPS-compliant Release and the online help. This section lists the most important differences.
Some of the online help pages do not accurately reflect the default values for FIPS operation. The following list provides the correct default values.
This section lists some limitations and differences in the way the command-line interface operates on the VPN Concentrator.
For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" in the Cisco Information Packet shipped with your product.
Note: If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.
For service and support for a product purchased directly from Cisco, use CCO.
The Cisco TAC home page includes technical tips and configuration information for the VPN 3000 Concentrator and client. Find this information at:
http://www.cisco.com/warp/public/707/#vpn3000
This section describes how to obtain the documentation on the Web or how to access the documentation on CD-ROM.
Note: Except for these Release Notes, no printed documentation ships automatically with this product. Please see the following sections for information about obtaining documentation for this product and for other Cisco products.
Documentation for this product and for all Cisco products is available on the World Wide Web. You can access the most current Cisco documentation at: http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which is available as a single unit or as an annual subscription. Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at:
http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, by calling 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users can order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
You can e-mail questions about using CCO to cco-team@cisco.com.
Copyright © 2002, Cisco Systems, Inc.
All rights reserved.
Posted: Mon Apr 8 13:39:17 PDT 2002