February 18, 2004
From CAM0708xxxx To CAM0750xxxx
After upgrading to 4.1 CVPN3005 users may experience a failure to generate Cisco Secure Socket Layer (SSL) certificates and a failure to save their configuration file due to a corrupt Compact Flash image.
VPN3005 Concentrators that are affected fall into the following serial number range:
CAM0708xxxx - CAM0750xxxx
The xxxx equals any alphanumeric number.
Due to a manufacturing process error in the duplication of CVPN3005 Compact Flash images, the Flash file system becomes corrupt causing the noted failures.
Customers with a concentrator in the above serial number range who have recently upgraded to the 4.1 image may experience two different problems:
Customers that attempt to save their configuration file will encounter a write error window when the Save / Save Needed link is clicked on in the VPN3005 Concentrator's user interface. The following popup will be displayed:
A failure to save certificates to the file system will generate a SSL event, as well as display certificate errors under the GUI Administration | File Management menu.
On a pre-configured concentrator, upon boot the concentrator will generate the following event:
21 02/12/2004 06:39:13.090 SEV=4 SSL/16 RPT=2
Unable to create SSL default context on private interface: no certificate.
Under Administration | File Management, the following error will be displayed:
Under Administration | Certificates Management, the SSL Certificate for the configured interface(s) will display the following:
No Certificate Installed
If your CVPN3005 concentrator's serial number falls into the above range , you are experiencing any of the above listed issues and have upgraded to software release 4.1, upgrade your concentrator to the 4.1.1 release which can be found on the Cisco VPN 3000 Concentrator Software (registered customers only) page.
Instructions on how to upgrade your concentrator can be found in the Release Notes for Cisco VPN 3000 Series Concentrator, Release 4.1.1
Once you have upgraded your concentrator follow the procedure listed below:
Save the configuration file locally.
Backup all necessary files onto a remote host.
Instructions on how to save and backup your configuration can be found on the File Management section of the VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.1
From the CLI, prompt, navigate through the menus to: Administration > File Management > Reformat Filesystem
At the prompt, type YES. After the reformat is complete, your running configuration will be automatically saved.
Reinstall the certificates.
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.