
Cisco VPN 3000 Series Concentrators

Field Notice: FN - 29117 - CVPN3005 Corrupt Compact Flash Image Causes a Failure to Generate SSL Certificates in Software Versions 4.0.X and Below


Revised September 11, 2006
June 3, 2004


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product
CVPN3005-E/FE  
CVPN3005-E/FE-BUN  

Serial Numbers

Sequential #
From CAM0708xxxx to CAM0750xxxx
 

Problem Description

VPN3005 Concentrators that fall into the following serial number range and are currently running software versions 4.0.X and below may experience a failure to generate and save certificates, or may encounter inconsistent volume errors from the file system.

Serial number range:
CAM0708xxxx - CAM0750xxxx
(xxxx = any alphanumeric value)

Background

Due to a manufacturing process error in the duplication of CVPN3005 Compact Flash images, the Flash file system became corrupt, causing the noted failures.  

Problem Symptoms

In VPN 3000 Series Concentrator software versions 4.0.X and below, a failure to save certificates to the file system generates an SSL event and displays certificate errors under the Administration | File Management menu.

Under Administration | Certificates Management, the SSL Certificate for the configured interface or interfaces displays the message: No Certificate Installed.

To verify the above symptoms, check the following:

1. When you boot a preconfigured VPN 3005 Concentrator, you see the following event:

- 21 02/12/2004 06:39:13.090 SEV=4 SSL/16 RPT=2 Unable to create SSL default context on private interface: no certificate.

2. Under Administration | File Management, you see the following error message:



3. Under Administration | Certificates Management, the SSL Certificate for the configured interface(s) will display the following message:

No Certificate Installed.  
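
The serial number and software version criteria from the Problem Description, together with the boot event in check 1, can be scripted against a device inventory and saved event logs. The following Python is an added example, not Cisco's code; the function names, the dotted version format, the message text possibly sitting on the line after the event header, and the second event in the sample log are assumptions.

```python
import re

# Serial range stated in the notice: CAM0708xxxx through CAM0750xxxx.
SERIAL_RE = re.compile(r"^CAM(\d{4})[A-Z0-9]{4}$", re.IGNORECASE)
# Event header layout as printed in the notice: seq, date, time, SEV, class/id, RPT.
EVENT_RE = re.compile(
    r"^\s*(?:-\s*)?(\d+)\s+(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"SEV=(\d+)\s+(\w+)/(\d+)\s+RPT=(\d+)\s*(.*)$")
SYMPTOM = "Unable to create SSL default context"

def serial_in_range(serial):
    m = SERIAL_RE.match(serial.strip())
    return bool(m) and 708 <= int(m.group(1)) <= 750

def version_affected(version):
    # "4.0.X and below": compare major.minor only (assumes dotted versions).
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognized version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) <= (4, 0)

def symptom_events(log_text):
    # Collect SSL/16 events whose text reports the missing certificate.
    hits, lines = [], log_text.splitlines()
    for i, line in enumerate(lines):
        m = EVENT_RE.match(line)
        if not m or (m.group(5), m.group(6)) != ("SSL", "16"):
            continue
        # Message may share the header line or sit on the next line (assumption).
        msg = m.group(8) or (lines[i + 1].strip() if i + 1 < len(lines) else "")
        if SYMPTOM in msg:
            hits.append((int(m.group(1)), f"{m.group(2)} {m.group(3)}", msg))
    return hits

def triage(serial, version, log_text):
    in_scope = serial_in_range(serial) and version_affected(version)
    if not in_scope:
        return "not-in-scope"
    return "in-scope-symptomatic" if symptom_events(log_text) else "in-scope-no-symptom"

# Constructed sample: first event copied from the notice, second invented.
SAMPLE_LOG = """\
21 02/12/2004 06:39:13.090 SEV=4 SSL/16 RPT=2
Unable to create SSL default context on private interface: no certificate.
22 02/12/2004 06:39:14.200 SEV=5 SAMPLE/1 RPT=1
Constructed unrelated event.
"""

if __name__ == "__main__":
    for sn, ver in [("CAM07231A2B", "4.0.5"), ("CAM07231A2B", "4.1.2"), ("CAM0801ZZZZ", "3.6.7")]:
        print(sn, ver, triage(sn, ver, SAMPLE_LOG))
```

A unit reported as in-scope-no-symptom still matches the serial and version criteria; checks 2 and 3 in the web interface remain to be done by hand.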

Workaround/Solution

If your CVPN3005 concentrator's serial number falls into the above range and you are experiencing any of the identified issues, you may upgrade your concentrator to software release 4.1.2 or above and then follow the instructions listed below.

The 4.1.2 release can be found at the following link:
Software Download - Cisco VPN 3000 Concentrator Software

Instructions on how to upgrade your concentrator can be found at the following link:
Release Notes for Cisco VPN 3000 Series Concentrator, Release 4.1.1


Once you have upgraded your concentrator, follow the procedure listed below:


Step 1 - Save the configuration file locally.


Step 2 - Back up all necessary files onto a remote host.
Instructions on how to save/backup your configuration can be found at the following link:
Cisco VPN 3000 Series Concentrators - File Management


Step 3 - From the CLI prompt, navigate through the menus to:
Administration > File Management > Reformat Filesystem


Step 4 - At the prompt, type YES. After the reformat is complete, your running configuration will be automatically saved.


Step 5 - Reinstall the certificates.  

For More Information