Guest

Cisco VPN 3000 Series Concentrators

Field Notice: After Upgrading to 4.1 CVPN3005 Users May Experience a Failure to Generate SSL Certificates and a Failure to Save Their Configuration File Due to a Corrupt Compact Flash Image.


February 18, 2004


Products Affected

  • CVPN3005-E/FE

  • CVPN3005-E/FE-BUN

Serial Numbers

Sequential #

From CAM0708xxxx To CAM0750xxxx

Problem Description

After upgrading to 4.1 CVPN3005 users may experience a failure to generate Cisco Secure Socket Layer (SSL) certificates and a failure to save their configuration file due to a corrupt Compact Flash image.

VPN3005 Concentrators that are affected fall into the following serial number range:

CAM0708xxxx - CAM0750xxxx

The xxxx equals any alphanumeric number.

Background

Due to a manufacturing process error in the duplication of CVPN3005 Compact Flash images, the Flash file system becomes corrupt causing the noted failures.

Problem Symptoms

Customers with a concentrator in the above serial number range who have recently upgraded to the 4.1 image may experience two different problems:

  1. Customers that attempt to save their configuration file will encounter a write error window when the Save / Save Needed link is clicked on in the VPN3005 Concentrator's user interface. The following popup will be displayed:

    fn29215_ht8xqi.jpg

  2. A failure to save certificates to the file system will generate a SSL event, as well as display certificate errors under the GUI Administration | File Management menu.

    1. On a pre-configured concentrator, upon boot the concentrator will generate the following event:

      21 02/12/2004 06:39:13.090 SEV=4 SSL/16 RPT=2 
      Unable to create SSL default context on private interface: no certificate.
      
    2. Under Administration | File Management, the following error will be displayed:

      fn29215_ht8xhx.jpg

      Under Administration | Certificates Management, the SSL Certificate for the configured interface(s) will display the following:

      No Certificate Installed
      

Workaround/Solution

If your CVPN3005 concentrator's serial number falls into the above range , you are experiencing any of the above listed issues and have upgraded to software release 4.1, upgrade your concentrator to the 4.1.1 release which can be found on the Cisco VPN 3000 Concentrator Software (registered customers only) page.

Instructions on how to upgrade your concentrator can be found in the Release Notes for Cisco VPN 3000 Series Concentrator, Release 4.1.1

Once you have upgraded your concentrator follow the procedure listed below:

  1. Save the configuration file locally.

  2. Backup all necessary files onto a remote host.

    Instructions on how to save and backup your configuration can be found on the File Management section of the VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.1

  3. From the CLI, prompt, navigate through the menus to: Administration > File Management > Reformat Filesystem

  4. At the prompt, type YES. After the reformat is complete, your running configuration will be automatically saved.

  5. Reinstall the certificates.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCed66779 (registered customers only)

Unable to save configuration after upgrade to 4.1

CSCed72955 (registered customers only)

Compact Flash file system corrupted

CSCed68739 (registered customers only)

Feature: Add capability to reformat file system from CLI

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.