Cisco Secure Access Control Server for Windows

Release Notes for Cisco Secure ACS 4.2.1

Release Notes for the Cisco Secure Access Control Server 4.2.1

Revised: January 15, 2010, OL-16293-01

These release notes pertain to the Cisco Secure Access Control Server version 4.2.1, hereafter referred to as ACS 4.2.1. They contain information for the Windows and Solution Engine (SE) platforms. Where necessary, the appropriate platform is clearly identified.

Contents

Introduction

New and Changed Information

Installation Notes

Known Caveats

Resolved Caveats

Documentation Updates

Product Documentation

Related Documentation

Notices

Obtaining Documentation and Submitting a Service Request

Introduction

ACS 4.2.1 is a maintenance release for ACS 4.2 that resolves customer and internally found defects. ACS 4.2.1 is available for download from Cisco.com only for upgrading the existing ACS 4.2 software deployment.

New and Changed Information

ACS 4.2.1 contains the following new and changed information:

New Features

Windows 64-bit Support for Remote Agent

Ports to be added in Windows 2008 Firewall

New Features

Cipher Suite Configuration—You can construct your preferred order of cipher suites. During the handshake phase of EAP-TLS and PEAP authentications, ACS searches for a cipher suite in the order that you have selected. If the client's cipher-suite list does not contain at least one of the cipher suites that you have selected, the handshake fails.

Multi Instance and Multi line TACACS+ AV Pair—ACS 4.2.1 supports multiple instances of a TACACS+ AV pair, which overcomes the length and single-line limitations when you specify values for TACACS+ custom attributes. If the value of the AV pair exceeds 255 characters, or if you want to give the value in multiple lines, define multiple instances of the AV pair.

Configuration Dump for Auditing—ACS 4.2.1 provides an option to dump user, group, and administrator information in a more user-friendly format. The output will be dumped into a text file.

64-bit Windows compatibility—ACS 4.2.1 provides 64-bit Windows support for ACS Windows and ACS remote agent.

RSA 7.x compatibility—ACS 4.2.1 provides support for RSA version 7.x.
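The selection rule described under Cipher Suite Configuration, as an added example that is not part of Cisco's release notes or ACS code: it reads the cipher-suite list from a constructed TLS ClientHello, walks the server's configured order, and on a mismatch names the suites involved instead of reporting only a generic handshake failure. The suite table is a small constructed subset shown with both RFC and OpenSSL names, and all function names are hypothetical.

```python
import struct

# Code -> (RFC name, OpenSSL name). Constructed subset for illustration only;
# it is not the list that ACS 4.2.1 presents.
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RC4-MD5"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RC4-SHA"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"),
}
OPENSSL_TO_CODE = {openssl: code for code, (_rfc, openssl) in SUITES.items()}


class HandshakeError(Exception):
    """No configured suite appears in the client's offer."""


def build_client_hello(codes):
    """Build a minimal TLS 1.0 ClientHello handshake message (constructed test input)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H", 2 * len(codes))
    body += b"".join(struct.pack("!H", c) for c in codes)
    body += b"\x01\x00"                                 # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


def client_hello_suites(msg):
    """Extract the offered cipher-suite codes from a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                        # skip client_version and random
    if pos >= len(body):
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]                                # skip session_id (1-byte length)
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (vec_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if vec_len == 0 or vec_len % 2 or pos + vec_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", body[pos:pos + vec_len])]


def select_suite(server_order, offered):
    """Return the first suite in the server's configured order that the client offered."""
    offered_set = set(offered)
    for name in server_order:
        if name not in OPENSSL_TO_CODE:
            raise ValueError("unknown suite name: " + name)
        if OPENSSL_TO_CODE[name] in offered_set:
            return name
    offered_names = [SUITES[c][1] if c in SUITES else "0x%04X" % c for c in offered]
    raise HandshakeError("no common cipher suite; configured %s, client offered %s"
                         % (server_order, offered_names))


if __name__ == "__main__":
    hello = build_client_hello([0x0004, 0x002F, 0x0035])   # client prefers RC4-MD5
    offered = client_hello_suites(hello)
    # The server's order decides, so AES256-SHA is chosen although the client listed it last.
    print(select_suite(["AES256-SHA", "AES128-SHA"], offered))
    try:
        select_suite(["DES-CBC3-SHA"], offered)
    except HandshakeError as exc:
        print(exc)
```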

Windows 64-bit Support for Remote Agent

ACS 4.2.1 Remote Agent is supported on the following Windows 64-bit OS:

Windows Server 2008, Standard Edition with Service Pack 2

Windows Server 2008, Enterprise Edition with Service Pack 2

Windows Server 2003, R2, Standard Edition with Service Pack 2

Windows Server 2003, R2, Enterprise Edition with Service Pack 2

Ports to be added in Windows 2008 Firewall

In Windows 2008, the following firewall ports must remain open, as ACS uses them.

Port Name | Port Number
RADIUS Authentication and Authorization (original draft RFC) | 1645
RADIUS Accounting (original draft RFC) | 1646
RADIUS Authentication and Authorization (revised draft RFC) | 1812
RADIUS Accounting (revised draft RFC) | 1813
TACACS+ AAA | 49
Replication and RDBMS Synchronization | 2000
Cisco Secure ACS Remote Logging | 2001
Cisco Secure ACS Distributed Logging (appliance only) | 2003
HTTP Administrative Access (at login) | 2002
DHCP | 68
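One way to check that a host firewall still permits the ports in the table above, as an added example that is not from Cisco's documentation: the script audits saved output of `netsh advfirewall firewall show rule name=all` for an enabled inbound allow rule on each port. The TCP/UDP transports are not given on this page and are assumed here, and the sample rule listing and its rule names are constructed.

```python
import re

# (service from the table above, transport, port). The page lists only port
# numbers; the transports are the customary ones and are an assumption here.
REQUIRED = [
    ("RADIUS Authentication and Authorization (original draft RFC)", "UDP", 1645),
    ("RADIUS Accounting (original draft RFC)", "UDP", 1646),
    ("RADIUS Authentication and Authorization (revised draft RFC)", "UDP", 1812),
    ("RADIUS Accounting (revised draft RFC)", "UDP", 1813),
    ("TACACS+ AAA", "TCP", 49),
    ("Replication and RDBMS Synchronization", "TCP", 2000),
    ("Cisco Secure ACS Remote Logging", "TCP", 2001),
    ("Cisco Secure ACS Distributed Logging (appliance only)", "TCP", 2003),
    ("HTTP Administrative Access (at login)", "TCP", 2002),
    ("DHCP", "UDP", 68),
]

# Constructed sample in the layout printed by the netsh command named above,
# trimmed to the fields the audit reads. Rule names are made up.
SAMPLE = """\
Rule Name:                            ACS RADIUS
Enabled:                              Yes
Direction:                            In
Protocol:                             UDP
LocalPort:                            1645,1646,1812,1813
Action:                               Allow

Rule Name:                            ACS TCP services
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            49,2000-2002
Action:                               Allow

Rule Name:                            ACS distributed logging
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            2003
Action:                               Allow

Rule Name:                            Legacy lockdown
Enabled:                              Yes
Direction:                            In
Protocol:                             UDP
LocalPort:                            67-68
Action:                               Block
"""

def parse_rules(text):
    """Split netsh output into one dict of fields per rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?):\s*(.*)$", line)
        if not m:
            continue                      # separator or blank line
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            rules.append({"Rule Name": value})
        elif rules:
            rules[-1][key] = value
    return rules

def port_matches(spec, port):
    """True if a LocalPort value ('Any', '49', '1812,1813', '2000-2002') covers port."""
    if spec.lower() == "any":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= port <= int(high):
            return True
    return False

def covers(rule, action, proto, port):
    """True if an enabled inbound rule with this action applies to proto/port."""
    return (rule.get("Enabled") == "Yes"
            and rule.get("Direction") == "In"
            and rule.get("Action") == action
            and rule.get("Protocol", "Any").upper() in (proto, "ANY")
            and port_matches(rule.get("LocalPort", "Any"), port))

def audit(netsh_output):
    """Return {(proto, port): problem} for every required port that is not open."""
    rules = parse_rules(netsh_output)
    problems = {}
    for _service, proto, port in REQUIRED:
        blocking = [r["Rule Name"] for r in rules if covers(r, "Block", proto, port)]
        allowing = [r for r in rules if covers(r, "Allow", proto, port)]
        if blocking:                      # a block rule wins over any allow rule
            problems[(proto, port)] = "blocked by rule '%s'" % blocking[0]
        elif not allowing:
            problems[(proto, port)] = "no enabled inbound allow rule"
    return problems

if __name__ == "__main__":
    for (proto, port), problem in sorted(audit(SAMPLE).items()):
        print("%s/%d: %s" % (proto, port, problem))
```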


Installation Notes

This section contains installation information for ACS 4.2.1.

Installation Notes for ACS 4.2.1 for Windows

This section contains:

Upgrade Path for ACS 4.2.1 for Windows

System Requirements for ACS 4.2.1 for Windows

Installing ACS 4.2.1 for Windows

Upgrade Path for ACS 4.2.1 for Windows

For more information on ACS 4.2.1 upgrade paths, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.

System Requirements for ACS 4.2.1 for Windows

For information on supported operating systems and web browsers, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.

Installing ACS 4.2.1 for Windows

For more information on installing ACS 4.2.1 on Windows, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.

Installation Notes for ACS 4.2.1 Solution Engine

Upgrade Path for ACS 4.2.1 Solution Engine

System Requirements for ACS 4.2.1 Solution Engine

Installing ACS 4.2.1 for Solution Engine

Upgrade Path for ACS 4.2.1 Solution Engine

For more information on ACS 4.2.1 upgrade paths, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.

System Requirements for ACS 4.2.1 Solution Engine

For information on the system requirements for the Solution Engine, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.

Installing ACS 4.2.1 for Solution Engine

For more information on installing ACS 4.2.1 on the Solution Engine, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.

Known Caveats

Table 1 contains known caveats in ACS for Windows and Solution Engine 4.2.1. You can also use the Bug Toolkit on Cisco.com to find any open bugs that might not appear here.

Table 1 Known Caveats in ACS Windows and Solution Engine 4.2.1 

Bug ID
Summary
Explanation

CSCta89022

Win2008 on 64-bit machine, problem in stopping and starting services occasionally.

Symptom    On a Win2008 64-bit machine, there is sometimes a problem in stopping or starting the ACS services. For example, an attempt to stop CSAdmin takes a long time, or CSAdmin does not stop at all.

Conditions   The symptom occurs during installation of ACS 4.2.1 or in any other flow where stopping of a service is required.

Workaround   When you install ACS 4.2.1 on Win2008 64-bit machine, you must first install ACS 4.2. At the end of ACS 4.2 installation, do not start the ACS services

CSCtb75397

Changing IP address from static to DHCP sets the server values to default.

Symptom    When you change the IP address from static to DHCP with the set ip command, the AAA server name changes from self to hostname. Authentication fails and ACS becomes unresponsive.

Conditions   The symptom occurs while setting the IP address through the DHCP server.

Workaround   Update the shared secret and other attributes for the self entry present under Network configuration section.

CSCta75366

Custom attributes of TACACS new service do not get updated.

Symptom    Create a New Services name in Interface Configuration > TACACS (Cisco IOS), with space in protocol name and submit the page. In the User and Group Setup, specify custom attribute for the new service, submit the form and open again. The values in the services are not updated.

Conditions   Protocol name of the new service has space in it.

Workaround   Do not use space in the protocol name.

CSCta06382

ACS SE- Changing communication or RADIUS port requires new admin session.

Symptom    In ACS SE, if you change the communication port from System configuration > Service Control, then ACS GUI session is lost. The same behavior is seen when you make any change and click Submit + Apply for self entry under AAA Server pane of the Network Configuration page.

Conditions   It occurs only in ACS SE when you change either the communication port configuration under System Configuration > Service Control page or click Submit + Apply for self entry under AAA server pane of the Network Configuration page.

Workaround   Restart the CSAdmin services.

CSCsv27592

ACS upgrade from 3.x to 4.x does not warn if NAS devices are lost.

Symptom    After an upgrade from ACS 3.3.x to ACS 4.1.x or to ACS 4.2.x, NAS entries that contain more than 16K characters of IP addresses are truncated to 4K characters with no error message in the install.log.

Conditions   Upgrade from ACS 3.3.x to ACS 4.1.1.24 or to ACS 4.2.0.124, if you have a NAS entry with more than 16000 characters.

Workaround   None. You have to manually check the NAS entries after the upgrade to find out which entries are missing IP addresses.

CSCsm20214

ACS 4.2 uninstall fails when a read-only file is present in the program files folder.

Symptom    Upgrade or uninstall failure.

Conditions   During upgrade or uninstalling ACS, if there is a read-only file in the ACS folder under program files.

Workaround   Provide full read and write permission.

CSCsb22897

Generating package, displays run time error message instead of disk space error message.

Symptom    Running CSSupport throws run time error when sufficient disk space is not available.

Conditions   The machine on which ACS is installed does not have sufficient disk space.

Workaround   Make some free space in the disk and then try to run CSSupport again. At least 4 GB of free hard drive space is required. 16 GB of free hard drive space is recommended.

CSCsx31696

CSDBsync failing to parse IP address with trailing blanks.

Symptom    RDBMS sync (CSDBSync) does not trim the trailing spaces in the IP address before importing it to ACS. This leads to IP address being represented as 0.0.0.0 in ACS.

Conditions   The DB from which RDBMS sync takes the data for import has trailing spaces in the IP address.

Workaround   Remove the trailing space from the IP address and then use RDBMS sync.

CSCta13106

Logging in Cipher Suite needs improvisation.

Symptom    If the Cipher Suite selected in ACS and the one sent by the supplicant are not matching, it displays a generic error message EAP-TLS or PEAP authentication failed during SSL handshake, in reports.

Conditions   Mismatch of Cipher Suite between the one selected in ACS and the one sent by the supplicant.

Workaround   None.

CSCta69034

Cipher suite names in Cipher Suite Configuration page are not RFC compliant.

Symptom    Names of the ciphers that are displayed in the ACS GUI under the Cipher Suite Selection page are not RFC compliant.

Conditions   When EAP-TLS or PEAP protocol is enabled in ACS.

Workaround   ACS uses the OpenSSL library for certificate-based authentication. The names of the cipher suites are also taken from OpenSSL. Hence there is no workaround.

CSCta93462

MOTD with maximum characters are not displayed properly in Firefox.

Symptom    If the text given for Message of the Day does not have a space between the words, then the text is not displayed properly in the Firefox browser.

Conditions   If the ACS GUI is launched using Firefox, then this issue may be seen.

Workaround   While adding text for the Message of the Day, give space between words.

CSCtb21359

Auth, TCS logs and CSUtil throws Bad EndPoint Address trapped error message.

Symptom    CSUtil throws the error Bad EndPoint Address <0x00000000> trapped, while importing users when the file contains ONLINE, but the user gets added successfully in ACS. The message is not appearing when the file contains OFFLINE.

Conditions   The issue is seen when the input file used for CSUtil import user functionality contains ONLINE.

Workaround   Use OFFLINE in the input file used for CSUtil import user.

CSCtb51914

After upgrade, Time bound alternate Group option becomes disabled.

Symptom    Time bound alternate Group option configured under User settings becomes disabled after upgrading to ACS 4.2.1

Conditions   The issue occurs for Time bound alternate Group option after upgrading to ACS 4.2.1.

Workaround   After upgrading to ACS 4.2.1, select the user and enable the Time bound alternate Group option again.

CSCsx21304

File generation error occurs when adding NAC attribute on ACS SE.

Symptom    In ACS SE, File generation error occurs when you add NAC attribute from the NAC Attributes Management page.

Conditions   In ACS SE 4.2.0.124.7, using NAC Attributes Management page to add NAC attribute.

Workaround   Stop the CSAgent (as it blocks the file generation when adding NAC attribute on ACS SE) and add the NAC attribute. To fix the problem permanently, take the NACattrFix_Patch from Cisco.com and apply it on ACS SE.

CSCsz69843

ACS SE - Problem when default proxy is updated with different ACS server.

Symptom    No proxy to default proxy servers.

Conditions   When ACS SE 4.2.0.124.10 is configured with the following three entries in the proxy distribution table:

@domain1 > proxy to ACS itself

@fake.domain > proxy to 2 Linux Radius servers

@domain2 > proxy to 2 Linux Radius servers

and you remove the second dummy entry to proxy requests for @fake.domain, ACS stops forwarding the access-challenges from the Linux Radius servers to the AAA client, when you try to authenticate users from domain2. If you keep the second entry for the non-existing @fake.domain, then access-challenges are correctly forwarded by ACS from the RADIUS servers to the AAA client, when authenticating user is in domain2.

Workaround   Keep a second dummy entry in the proxy distribution table.

CSCtd48247

ACS SE 4.2.1 - OS updates are not part of 4.2.1.

Symptom    OS update or hotfixes are not part of ACS SE 4.2.1.

Conditions   Applicable for ACS SE 4.2.1.

Workaround   The OS updates or hot fixes are applicable only when the related vulnerability is affecting ACS SE. Cisco publishes the appliance patches containing the relevant hotfix if ACS SE is found to be affected by the related vulnerability. Such patches posted for ACS SE 4.2, are applicable to ACS 4.2.1 as well. If those patches are already applied on top of ACS 4.2, then it is not necessary to update the same patch on top of ACS 4.2.1.


Resolved Caveats

Table 2 contains the resolved caveats for ACS 4.2.1. Check the Bug Toolkit on Cisco.com for any resolved bugs that might not appear here.

Table 2 Resolved Caveats 

Bug ID | Description
CSCee33692 | Deceptive message displayed on enabling of a disabled group.
CSCef31265 | ACS UI can not accept more than 160 characters while it should accept 255.
CSCeg34532 | FTP to ACS Appliance fails if colon (:) is present in the user password.
CSCse92069 | ACS database replication port should be configurable.
CSCse93831 | Number of IP addresses per AAA client is limited in ACS 4.0.
CSCsf02761 | ACS sends the accounting response to a wrong NAS IP address.
CSCsf06481 | HTTPS option is passed along for the improper component in replication.
CSCsf25057 | ACS support for TACACS single-connection.
CSCsg07191 | After replication, machine authentication is not working till restart.
CSCsg19053 | Need to update TCS max session logging for ACS 4.0.
CSCsg24486 | Two TACACS New Services with similar names have issues with data.
CSCsh37811 | RDS log message is not clear.
CSCsh56547 | Enhancement: ACS and Remote Agent should support 64-bit systems.
CSCsh58524 | Username does not get strip in radius accounting log.
CSCsi18979 | ACS Windows and SE missing Juniper VSA.
CSCsi27554 | ACS 4.1: EAP-FAST secondary does not switch to Slave.
CSCsi43841 | RADIUS ports should be configurable to other ports apart from the standard ports.
CSCsi55085 | ACS services not started after replicate/reboot on machine with dual CPU.
CSCsj12604 | When trying to bulk import ODBC, operation failed.
CSCsj60407 | ACS Backup filename is changed to uppercase letters.
CSCsj87562 | Remote Logging Reports shows wrong information.
CSCsj88727 | ACS Windows and SE Juniper VSAs incomplete.
CSCsk06231 | Renaming NDG with same name but changing case cause devices to disappear.
CSCsk09761 | Called station ID value not logged in passed/failed attempts reports.
CSCsk27193 | Can not use <cr> while entering multiple MAC addresses.
CSCsk46283 | AAA client shows empty shared secret while displaying-Intermittently.
CSCsk89270 | Extra certificates copied into ACS backup file.
CSCsk94878 | Windows password change does not work when PDC Emulator is down.
CSCsl14811 | AND/OR comparisons should be dimmed if Enter OIDs option is disabled.
CSCsl14964 | EAP-TLS fails when CA has Cert Policies Field marked as critical attribute.
CSCsl16871 | CSUtil is stripping username while creating PAC.
CSCsl50122 | ACS SE needs configurable RA timeout value.
CSCsl79098 | ACS does not verify SubjectKeyID / AuthorityKeyID in CertChain building.
CSCsl87951 | Server IP address changed to loopback IP address after upgrade of PingOn patch.
CSCsl96222 | Appliance RDBMS Sync: Failed to connect to FTP server.
CSCsl99170 | Logged in Users not functional in Proxy Scenario.
CSCsm07762 | Drop Down Menu not functional for posture token - do not audit groups.
CSCsm20261 | TCS.log does not show TACACS arguments for requests coming from multi-NAS.
CSCsm35434 | Scheduled replication for logging configuration does not happen.
CSCsm36747 | Increasing memory consumption in the CSAdmin during import process.
CSCsm37923 | Feature Request: ACS to accept multiple lines per AV-pair service.
CSCsm43674 | Fields edited for an upgraded user gives wrong information in AdminstrnAudit.
CSCsm45861 | Windows DB Group Mapping failing when username is in UPN format.
CSCsm57566 | Windows user fails when ODBC has placed above windB in UnkwnUserPolicy.
CSCsm60215 | ACS Appliance has authorization issues with extended attributes.
CSCsm64286 | Request from NAS fails when default NAS is defined under NDG.
CSCsm64931 | NAR does not filter users when "Apply password change rule" is selected.
CSCsm66268 | Group Mapping fails with Ext DB when service-type=10, if there is no NAP.
CSCsm69491 | Disable user accounts still check external databases.
CSCsm71037 | CSAgent does not start after bootup.
CSCsm73656 | Cannot set static IP address.
CSCsm76971 | Remote Agent replication interferes with scalability.
CSCsm80294 | NAR should block users from changing their password.
CSCsm81318 | Windows Remote Agent 'PermittedClients' value not working as expected.
CSCsm94926 | Group name should not contain quotes (` ").
CSCsm99518 | ACS does not log authentication timeouts with Failed Attempts.
CSCsm99926 | ACS 4.1 EAP-FAST provisioning repeatedly prompts for username.
CSCso18058 | Update ASA attribute IETF code 3076/220.
CSCso25557 | Need toggle option for ACS and cross domain authentication.
CSCso27533 | CSUtil should not import device names with length more than 32 characters.
CSCso36620 | Toggle nic command changes AAA server IP address to 127.0.0.1 in GUI.
CSCso39795 | Disable and Enable Network Card in S/W ACS results in Loop Back.
CSCso40236 | Update ACS VSA dictionary to include Nortel VSA.
CSCso42219 | ACS GUI - IP Length Checking should be increased to 16000.
CSCso45115 | ACS-SE: unable to set IP address with last octet being "0" or "255".
CSCso48631 | Authen-failure-code 107 message should be changed.
CSCso49824 | Help about Single connect option on AAA client configuration needs modification.
CSCso55280 | ACS session handling for EAP packet retransmission need improvement.
CSCso62885 | ACS incorrectly parses VSA subattributes.
CSCso75686 | Support for Multiple LDAP servers for MAB.
CSCso84928 | ACS 4.1.4 - Multiple LDAP bindings with wrong user credentials.
CSCso87631 | Authentication request reject during the EAP-FAST(GTC) with NAP.
CSCsq00710 | ACS: RDBMs VSA Import creates invalid vendor length.
CSCsq00793 | Add MS attributes 28-31 to ACS dictionary.
CSCsq10103 | Crafted RADIUS EAP Message Attribute vulnerability.
CSCsq12377 | After Replication, Remote Agent is not working in Slave.
CSCsq13749 | Started and Completed Inbound Replication logs shows different ACS name.
CSCsq16917 | ACS failed to Restore Remote Agent.
CSCsq24607 | Replication creates new CSV report files on the secondary server.
CSCsq29364 | Password change does not work using XP supplicant against AD.
CSCsq31732 | External DB is checked for Cached Expired user (Account Disabled).
CSCsq36634 | CSMON configured for event notification but does not always notify.
CSCsq43088 | ACS: Token Caching for Session not allowing multiple logins.
CSCsq45036 | ACS 4.2 RAC/NAP Authentication - User assigned to Default Group VLAN.
CSCsq45858 | Remote Agent log level should follow ACS Config Provider log level.
CSCsq52930 | With NDG, services not starting after upgrade to ACS 4.1.4.13.9 or ACS 4.2.0.124.1.
CSCsq58224 | Need to select the database for TACACS+ authentication at NDG level.
CSCsq65591 | Windows authentications fails when ACS install on Windows 2008 member server.
CSCsq68508 | ACS: Tunneling-Protocols missing SVC combo attributes.
CSCsq79127 | CSUpdate does not behave correctly when doing an upgrade.
CSCsq81191 | Problem in initializing the logging component of the RsaDserv.dll.
CSCsq86723 | Need to select the database for TACACS+ authentication at NAS level.
CSCsq87007 | Machine Authentication fail host is not in PrimaryDNSSuffix.
CSCsq93877 | LDAP bind fails first time with clients using RSA token.
CSCsq96755 | ACS needs manual restart to recover machine authentication.
CSCsr07796 | Doc: How to manually uninstall the Remote Agent for the ACS 4.2.
CSCsr08890 | CSUtil import fails when user does not exist.
CSCsr08901 | CSUtil import misleading when given invalid group number.
CSCsr56625 | Telnet service is available once after getting a DHCP address.
CSCsr68278 | ACS 4.2 does not allow a blank TACACS+ key.
CSCsr73840 | ACS does not try all the DBs when dynamic user created and DB is dead.
CSCsr77405 | ACS and RSA version 7.x capability.
CSCsr95985 | CSRadius does not terminate when it cannot bind to its socket.
CSCsr97958 | Replication: password aging on primary does not take effect on secondary.
CSCsr98419 | SSL based EAP authentication fails after replication.
CSCsu24347 | Reporting Needed for Multiple LDAP servers for MAB.
CSCsu29010 | Incorrect Prompt for 'Next Token Code' from RSA.
CSCsu35277 | ACS needs consistent method of ordering MAB LDAP query order.
CSCsu39804 | ACS generates "Internal Error" when supplicant responses with fail.
CSCsu42166 | Incorrect group name in failed attempts report for MAB.
CSCsu75688 | Local PWD Management Restrictions not enforced on TACACS Outbound PWD.
CSCsu76869 | Upgrade fails to list Internal DB under "Selected MAC DB" for MAB.
CSCsu79556 | Replication: NAP enabled, Log config disabled, Log Config replication occurs.
CSCsu86423 | Password expiration warning sent with no warning configured.
CSCsu86529 | ACS attempts to contact RSA server at 0.0.0.0.
CSCsu92279 | ACS Appliance: Config on AAA Server Names is changed after the Reboot.
CSCsv04715 | Excessive logging with "no challenge provided by client".
CSCsv05172 | Notification message is not shown at the end of the configuration.
CSCsv10062 | CSTacacs service restarts frequently.
CSCsv12463 | Package.cab does not contain active log files.
CSCsv14521 | RA per check box should not be replicated with NAP by default.
CSCsv45003 | Update Sybase engine to version 9.0.2.
CSCsv46161 | For disabled users, ACS sends an Access-Reject with empty EAP message.
CSCsv49287 | PEAP-GTC and EAP-TLS might fail after replication.
CSCsv65072 | Importing VSA results in incorrect value added.
CSCsv70331 | Restore from database backup fails to register XML files from Common Services.
CSCsv97332 | LDAP inside NAP not functional after replication in slave.
CSCsw18106 | ASA 8.0: ACS 3076/11 attribute still needs more enumerations for SVC proto.
CSCsw37291 | CSAuth memory leak after replication.
CSCsw45464 | NIC goes administratively down in some 1113 appliances after toggling.
CSCsw61276 | Copyright information needs to be corrected.
CSCsw74922 | Need support of including message of session timeout for EAP-FAST GTC.
CSCsw98391 | TACACS ACS Application does not display a Message of the day (MOTD) Banner.
CSCsw99081 | RSA SecurID Token and LDAP Group Mapping not able to browse full AD tree.
CSCsx20586 | InsistOnDomain should be manual configurable.
CSCsx21304 | File generation error occurred when adding NAC attribute on ACS SE.
CSCsx31676 | EAP performance degrades as load increases.
CSCsx33471 | CSUtil fail if you add and delete users continuously.
CSCsx37420 | CSTacacs service is crashing on ACS 4.2 on Windows 2000 Server.
CSCsx47459 | The ACS server certificate chain will always be trusted by ACS.
CSCsx50157 | ACS: Firefox 3 causes mangled shared secrets.
CSCsx50169 | Connection timeout for ASLog to be reduced.
CSCsx79898 | ACS 4.2 Command Authorization Crashing TACACS.
CSCsx95621 | Events of ACS for Windows are not properly displayed in Event Viewer.
CSCsy00896 | CAA fails to prompt for password change in ACS 4.2.0.124.7 code.
CSCsy03746 | New Airespace attributes 7-11 are missing in ACS dictionary.
CSCsy10257 | Extra failed attempt shows less information.
CSCsy10302 | ACS SE - CLI password with space or quotation (") causes loss of CLI access.
CSCsy14207 | Two Failed Attempts are created for one authentication failure.
CSCsy20277 | ACS Web GUI becomes unresponsive after making changes to configuration.
CSCsy28493 | Error message occurred when adding a user using CSUtil.
CSCsy51412 | Make the cipher suite selection configurable.
CSCsy51419 | Include user and group configuration information in package.cab.
CSCsy53254 | After RDBMS sync large DB causes: CPU 100% CSAdmin Unresponsive.
CSCsy64782 | ACS caught an exception if EAP fragment has invalid length.
CSCsy66599 | Password reset fails for username as administrator.
CSCsy66614 | Accidental password exposure during password reset.
CSCsy68882 | Fast reconnect fails w/PEAP when outer identity is different from inner.
CSCsy74073 | Incorrect external DB reference in 'unknown user policy' while upgrading.
CSCsy76007 | Database upgraded from ACS 4.0 has RA with empty name.
CSCsy76079 | Auth log shows the user password while doing password change through UCP.
CSCsy78568 | Fails to show help description for few CLI commands.
CSCsy79246 | Wrong error message when CLI admin password contains last ten passwords.
CSCsy87086 | Support for ACS 4.2 in CSACS-1120 appliance.
CSCsy93504 | Cascade replication fails if master key replication is configured.
CSCsz08867 | Merge issue on UCP in 4.2.1.
CSCsz09925 | Server hostname with more than 15 chars causes ACS backup to fail.
CSCsz25693 | LDAP PAP authentications stop working intermittently.
CSCsz31543 | 4.2.1 should not be allowed for fresh install.
CSCsz32016 | ACS 4.2 patch 9 takes wrong group authorization attributes for MAB user.
CSCsz63498 | ACS installed on 64-bit machine to work for PAP & MSCHAP against AD.
CSCsz66715 | UCP version must be modified to 4.2.1.
CSCsz72292 | Unable to upgrade to ACS 4.2.1 in 64 bit Windows 2008.
CSCsz72298 | Unable to install ACS 4.2.1 Remote Agent in 64 bit Windows 2008.
CSCsz74768 | CSUtil - Option for dumping configuration information of users and group.
CSCsz74810 | SSH option to dump configuration information of users, groups and ACS administrators.
CSCsz81288 | Request to add new fields in user audit log.
CSCsz81792 | Replication component missing when ACS 4.2 dump is restored in ACS 4.2.1.
CSCsz82783 | Logging is misleading when cascade replication delayed.
CSCsz86771 | Invalid string in CSAuth log.
CSCsz87427 | ACS 4.2.1 upgrade allows ACS 4.2 trial to become as licensed.
CSCsz93644 | Unable to access ACS SE console after upgrade.
CSCsz94410 | After configuring SSH FTP settings return to System Configuration page.
CSCsz94452 | AdminAuditInfo file shows wrong info on group permissions.
CSCsz94495 | AdminAuditInfo file in software contains appliance information.
CSCsz94562 | Cipher Suite selection is allowed when no certificate in ACS.
CSCsz94633 | Able to select cipher suites without selecting the "Use the list" option.
CSCsz96618 | Able to select ext. dbs without selecting "check the following ext db".
CSCsz96706 | Check box under failed Report gets enabled after restore of ACS 4.2.0 dump.
CSCsz96911 | Information on Restore from 4.1 backup file needs to be removed in ACS 4.2.1.
CSCsz96936 | ACS 4.2.1 to remove option to restore ACS 4.1 database. To support restore of ACS 4.2 database.
CSCta02818 | Attributes are missing after taking package.cab.
CSCta06399 | Backup - Add hostname does not work in Windows 2000.
CSCta07863 | After upgrade, Global Logging config options gets unselected.
CSCta10548 | Unable to remove ACS with use of clean utility on Windows 2008 server.
CSCta13082 | Max session for group is missing in GroupAuditInfo.txt.
CSCta13337 | CSTacacs becomes unresponsive intermittently on Windows 2008 server.
CSCta17714 | Page not displayed while creating RAC after selecting 3 comusr.
CSCta29722 | NAC attribute logging fails.
CSCta32567 | Profile data in GroupAuditInfo.txt should have delimiters.
CSCta34964 | AD password change does not try remote domains if username has no domain.
CSCta35539 | Reset Admin not working after ACS 4.2.1.
CSCta41339 | Unable to uncheck support check box under Administration control.
CSCta42116 | ACS 4.2.1 appliance package should allow upgrade only from ACS 4.2.
CSCta43892 | Logging Configuration component missing after upgrade from ACS 4.2 to ACS 4.2.1.
CSCta44199 | Irrelevant error message while adding GUI admin via CLI.
CSCta44301 | Cipher suites are replicated to slave without certificates installed.
CSCta47036 | Enable password missing shows wrong information in userAuditInfo.txt.
CSCta48558 | EAP-FAST master key replication is redundant after manual replication.
CSCta49246 | GroupAuditInfo is different in package.cab and CSUtil file.
CSCta53207 | ACS for Windows box replicates with an ACS SE.
CSCta60100 | NAP sends down Framed-IP-Address from group when configured not to.
CSCta61744 | Remote agent reaches maximum connections limit and does not accept new ones.
CSCta62147 | Slow leak in ACS SE CSAuth memory during replication.
CSCta63451 | ACS 4.2 GUI incorrectly states fast reconnect not supported w/eap-gtc.
CSCta65617 | ACS fails to authenticate users when their base DN is greater than 255 characters.
CSCta66819 | ACS CSLog service stale threads can cause remote logging failure.
CSCta68928 | ACS fails to negotiate selected cipher suites.
CSCta68955 | Fast reconnect fails, when outer identity is username.
CSCta69410 | Tunneling-Protocols value is always '= (null)' in GroupAuditInfo.txt.
CSCta69414 | Replication from master to slave makes all the slave component dirty.
CSCta69421 | Wrong message when import device name with length more than 32 characters.
CSCta69425 | Replication logs needs to be improved.
CSCta73160 | CSAuth crashing in ACS 4.2.
CSCta74731 | Incorrect error message when custom attribute added beyond 255 characters.
CSCta75344 | ACS become unresponsive after changing IP address from static to DHCP.
CSCta93979 | ACS 4.2 returns malformed tunnel-password if > 15 characters.
CSCta98045 | Framed-Ip-Address is not logged in passed authentication report.
CSCtb01147 | Blank Radius Port values are accepted for AAA server.
CSCtb06125 | Outbound replication is triggered immediately after the inbound replicate.
CSCtb07726 | EAP-FAST Mkey and policies replicated twice from middle to slave.
CSCtb08136 | Could not configure RSA SecurID with RSA Agent 7.x.
CSCtb11304 | NDG is not replicating during scheduled replication.
CSCtb20776 | Changes by DBSync/CSUtil not triggering schedule replication for some components.
CSCtb22764 | Memory leak while loading domain cache.
CSCtb27702 | Could not replicate RemoteAgent in schedule replication.
CSCtb29022 | Cipher suite option becomes default after overinstall.
CSCtb29060 | Replication starts when there is change in replication component in the replication page.
CSCtb44114 | UDB_HOST_DB_FAILURE message appears frequently in CSAuth.
CSCtb33686 | Creating DSN in 64 bit ACS.
CSCtb31284 | CSUtil -b creates extra file, when file format contains decimal point.
CSCtb44926 | Upgrade from 4.2 to 4.2.1.10 overrides the cipher values in the ACS DB.
CSCtb62208 | Improve ACS Active Directory TLS support.
CSCtb55104 | Authentication fails against internal database if password contains either u or a.
CSCtb47428 | Unable to edit default AAA server shared secret key.
CSCtb63994 | Password change is failing when Apply Password Change Rule field is configured.
CSCtb75403 | CSAuth crash in appliance during multi forest test - RA on 64 bit Windows 2008.
CSCsh42898 | Key Wrap description still under EAP TLS section in short help.
CSCsm20214 | ACS 4.2 uninstall fails when read-only file is in program files folder.
CSCso44662 | Doc problem with upgrade path.
CSCso55299 | Help in Support page gives wrong info about service restart.
CSCso61543 | Configuring Remote Agent for Domain Controller Authentication.
CSCso68370 | "set dbpassword" is not working in CLI.
CSCsq11763 | Help not available for Remote Agent Configuration under Replication.
CSCsq28953 | CSAuth crashes during outbound replication.
CSCsq46254 | ACS SE 1113 has flashing amber light on front panel.
CSCsq72908 | Junk character gets added in secret value field when creating new NDG.
CSCsq76020 | UCP support Japanese Windows.
CSCsq77689 | Help section not available for the new option to select ext DB in NDG.
CSCsq79080 | ACS SE 1113 power requirements improperly documented.
CSCsu57008 | Doc- Support for Win/AD 2008 should go into doc.
CSCsv02441 | Reimaging installation process is incomplete.
CSCsv04865 | ACS SE 1112 Enable Ping instructions unclear.
CSCsv04886 | ACS SE Reimaging the SE section needs update.
CSCsw37321 | Improve diagnostic logging for group mapping of AD users.
CSCsw43074 | Maximum characters allowed in the AAA client IP is not documented.
CSCsw78364 | ACS User Guide should say Machine Password change with AD not supported.

CSCsx46876

Exception can occur with CSAuth compiled in debug mode.

CSCsz92605

Remove the unwanted up and down buttons from Cipher selection.

CSCta05746

Online documentation needs to be updated on Cipher Suite Selection.

CSCta41347

Access denied to "SSH FTP Settings" when support is unselected in admin.

CSCta62633

ACS 4.2.1 - Readme needs to be updated.

CSCtb10522

Selecting search result from Online documentation is not working.

CSCtb33852

Edit CTL section needs to be updated in the user guide.

CSCtb38601

Diagnostic logs needs to be improved for replication flows.

CSCtb82999

CSlogAgent crash observed during remote logging with remote agent.

CSCtb85227

Client side validation required for "configurable radius port" feature.

CSCtb85495

SE Status page should not show default RDS port as opened after changed.

CSCtb87659

ACS GUI page not displayed. Unstable after changing ACS communication port.

CSCtb87732

Successful/failed changes by DBsync replicates some components by default.

CSCtb88490

In Slave after replication, Interface Configuration page shows Cannot switch off NDGs.

CSCtb90906

User guide to be updated for RSA support in 4.2.1.

CSCtb91507

CSUtil import using ONLINE statement throws exception.

CSCtb99885

Intermittent CSAuth crash while replication when first replication is in progress.

CSCtc17025

Remote Logging config lost after changing ACS Communication Port.

CSCtc17033

Service Restart takes more time after enabling disabling ACS Communication port.

CSCtc41491

ACS auth.log Error 1808L and event log Error Code: 0xc0000199.

CSCtc54696

ACS: Crash in CSDBSync.

CSCtc67489

CSRadius service might stop if it receives a malformed request.

CSCtc67739

Windows Remote Agent Selection is not replicated during scheduled rep.

CSCtc81506

Correction in diagnostic log.

CSCtc84255

Could not configure RSA SecurID in appliance.

CSCtc90082

Restoring both user and SysConf when only UserAndGroupDB is selected.

CSCtc94007

RADIUS Ports are not replicating when sent with NAP.

CSCtc93636

No Warning message is displayed for password expiry.

CSCtd00510

Need ACS Services restart in proxy auth with RADIUS port change.

CSCtd15941

Manual restart needed after change the radius port no for authentication.

CSCtd18667

Client side validation required for ACS Service Connection Timeout.

CSCtd19858

ACS Replication may fail with bad secret.

CSCtd30608

Timeout during RSA SecurID authentication in appliance.

CSCtc86913

CSAuth hangs occasionally as replication flow is not able to delete temporary table.

CSCtd18394

CSlogAgent crashed when changing logging level in ACS Service Control.


Documentation Updates

This section provides the following documentation updates:

Omissions

Changes

Updates

Omissions

Flashing Amber Light on Front Panel of ACS SE 1113

In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, the following information was omitted from the Front Panel Features for the Cisco 1113 section in Chapter 1:

When ACS 4.1 or ACS 4.2 is run on the ACS SE 1113 appliance, an amber light flashes on the front panel of the 1113 appliance.

ACS for Windows Server UCP Requirements

In the online Installation Guide for Cisco Secure ACS for Windows 4.2, the following information was omitted from Table 1-1 ACS for Windows Server UCP Requirements in Chapter 1.

Japanese Windows 2003 server, Service Pack 2, Enterprise Edition.

Japanese Windows 2003 server, Service Pack 2, R2, Enterprise Edition.

Japanese Windows 2003 server, Service Pack 2, Standard Edition.

Japanese Windows 2003 server, Service Pack 2, R2, Standard Edition.

This information pertains to the minimum requirements for User Changeable Password (UCP) Web Server Product Documentation.

Number of Characters for AAA Client IP Configuration

In the online User Guide for Cisco Secure Access Control Server 4.2, the following information was omitted from the AAA Client IP Address section, in Configuring AAA Clients, Chapter 3.

The maximum number of characters that can be configured for a AAA client IP configuration varies between versions of ACS. The following table gives the number of characters that can be used in each release of ACS.

Table 3 Number of Characters

Release Version    Size of IP-List
4.1.1.23           1024 characters
4.2.0.124          4096 characters
4.2.1              16k


Changes

Permission for the AD folder

In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 2, Configuring for Domain Controller Authentication section, Step 4b on granting permission for the AD folders needs to be changed to:

1. To grant permission for AD folders, access AD by using the MMC or open Active Directory Users and Computers.

2. Right-click the USER folder, select Delegate Control, and add the domain user created above.

Collect Log files

In the online User Guide for Cisco Secure Access Control Server 4.2, Chapter 7, Running Support section, the following changes need to be made:

From Step 3, the following information needs to be removed:

If you select this option, ACS services are not restarted during the generation of package.cab.

After Step 6, the following needs to be added:

a. A message appears, displaying Services will restart.

b. Click OK.

Updates

Change Password with AD

In the online User Guide for Cisco Secure Access Control Server 4.2, Chapter 12, Windows User Database Configuration Options, MS-CHAP Settings section, the following Note must be added to this section:


Note: Changing the machine password with AD is not supported.


Enable ICMP Ping

In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 3, Enable ICMP Ping section, Step 1 and the Note need to be revised.

Extract the files in the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip folder to the Windows system that runs the .bat file.


Note: To enable ICMP ping, you must copy the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip file to a Windows system that runs the .bat file. After this, you must install the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip file on the appliance.


Uninstalling ACS Remote Agent for Windows Manually

In the online Installation and Configuration Guide for Cisco Secure ACS Remote Agents 4.2, Chapter 2, Uninstalling ACS Remote Agent for Windows, the information on uninstalling the ACS Remote Agent needs to be revised.

If you cannot uninstall Remote Agent for Windows through the Control Panel, you can uninstall it manually.

To uninstall the Remote Agent for Windows manually:


Step 1 Navigate to the system registry and delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CiscoSecure ACS Agent registry key.

Step 2 Navigate to C:\Program Files\Cisco and delete the CiscoSecure ACS Agent folder.

Step 3 Delete the HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoSecure ACS Agent registry key.

Remote Agent for Windows is uninstalled.


Re-imaging the Solution Engine Hard Drive

In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 4, Reimaging the Solution Engine Hard Drive section, the following updates need to be made:

Step 1 needs to be updated to:

Connect an external keyboard and monitor to the video and keyboard ports. For the location of these ports, see Figure 1-3.

The result for Step 3 and Step 4 needs to be updated to:

Result: The monitor displays.

The result for Step 5 needs to be updated to:

Result: The appliance processes the new image (reimaging might take approximately 50 minutes) while displaying odd characters and then displays the following message on the console.

The following note must be added to Step 5.


Note: ACS 4.2 provides three CDs for the installation process. Partway through the installation, you will be prompted to insert the second CD.


Back Panel Features for the Cisco 1113

In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 1, the table for Figure 1-3, the description for No.5 needs to be updated to:

Video connector is supported.

Updates to the Release Notes for the Cisco Secure Access Control Server 4.2.1

Table 4 provides the details of the updates made to the Release Notes for the Cisco Secure Access Control Server 4.2.1.

Table 4 Updates to the Release Notes for the Cisco Secure Access Control Server 4.2.1

Date          Updates
12/18/2009    Added Windows 64-bit Support for Remote Agent


Product Documentation


Note: We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.


Table 5 describes the product documentation that is available. To find end-user documentation for all the products on Cisco.com, go to:

http://www.cisco.com/go/techdocs

Table 5 Product Documentation 

Document Title
Available Formats

User Guide for Cisco Secure Access Control Server 4.2.1

On Cisco.com:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_list.html

You can also access the user guide by clicking Online Documentation in the ACS navigation menu. The user guide PDF is available on this page by clicking View PDF.

Installation Guide for Cisco Secure ACS for Windows 4.2.1

On Cisco.com:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_installation_guides_list.html

Installation Guide for Cisco Secure ACS Solution Engine 4.2.1

On Cisco.com:

http://www.cisco.com/en/US/products/sw/secursw/ps5338/prod_installation_guides_list.html

Release Notes for Cisco Secure ACS 4.2.1

On Cisco.com:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_release_notes_list.html

Online Documentation

In the ACS HTML interface, click Online Documentation.

Short help

Provides help topics for all pages in the ACS web interface. Select an option from the ACS web interface; the help appears in the right pane when you are configuring a feature.


Related Documentation


Note: We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.


Table 6 describes the related documentation that is available.

Table 6 Related Documentation 

Document Title
Available Formats

User Guide for Cisco Secure Access Control Server 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/ACS4_2UG.html

Installation Guide for Cisco Secure ACS for Windows 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/IGwn42.html

Installation Guide for Cisco Secure ACS Solution Engine 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/SE42.html

Release Notes for Cisco Secure ACS 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html

Documentation Guide for Cisco Secure ACS Release 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/roadmap/DGuide42.html

Configuration Guide for Cisco Secure ACS 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/acs42_config_guide.html

Installation and User Guide for Cisco Secure ACS User Changeable Passwords 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/user_passwords/ucpNW42.html

Installation and Configuration Guide for Cisco Secure ACS Remote Agents 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/RA42.html

Cisco Secure Access Control Server Troubleshooting Guide 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/trouble/guide/ACSTrbG42.html

Regulatory Compliance and Safety Information for Cisco Secure ACS Solution Engine 4.2

Printed document available by order (part number DOC-7817259).

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/regulatory/compliance/RCSI_42.html

Supported and Interoperable Devices and Software Tables for Cisco Secure ACS 4.2

On Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/device/guide/sdt42.html


Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.