Cisco VPN 5000 Client

Release Notes for the Cisco VPN 5000 Client Software Version 5.2.2 for Mac OS

September 12, 2002

These release notes provide information about the Cisco VPN 5000 client software Version 5.2.2 for the Classic Macintosh operating system. These release notes are updated as needed to describe new and changed information, caveats, and documentation updates.

Contents

This document contains the following sections:

Caveats Fixed in This Release

Caveats Fixed in Previous Releases

Open Caveats

Obtaining Documentation

Obtaining Technical Assistance

Caveats Fixed in This Release

The following sections describe caveats fixed in VPN 5000 client software Version 5.2.2.

CSCdu87579

If you disable the encrypt passwords parameter on the VPN client for Mac OS, and connect to a VPN 5001 with shared secrets enabled, the client now correctly writes the shared key to the client preferences file located in the system directory. Previously, on workstations running Mac OS Version 9.1 and the VPN client Version 5.1.2 for Mac OS, the client did not correctly write shared keys.

CSCdx17109

The most recently used password for the default login is no longer stored in plain text in the resources section of the System/Preferences/VPN 5000 Client Preferences file. See http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml for more information.

CSCdw65853

When you use the VPN 5000 client for Mac OS X configured to use NAT Transparency (fTCP), keepalive interval delays no longer occur when you pass VPN traffic through certain stateful firewalls, and the fTCP packets are no longer identified as invalid and dropped.

The default value for the keepalive interval is 60 seconds for VPN 5000 concentrators running Version 6.0.x software, and 120 seconds for concentrators running Version 5.2.x software. The range for this variable is 0 to 65,000. For more information refer to the Cisco VPN 5000 Concentrator Series Command Reference Guide.

Caveats Fixed in Previous Releases

This section lists caveats fixed in previous releases of the VPN 5000 client for the Classic Mac OS.


Note: For information regarding the VPN 5000 Client for Mac OS X, refer to the Release Notes for the Cisco VPN 5000 Client Software Version 5.2.3 for Mac OS X.


Caveats Fixed in Version 5.1.2

CSCdt09734

When an invalid certificate is imported using the Import button on the Certificates tab of the VPN Client window, the client no longer stops working.

CSCdt73875

The VPN client no longer drops its end of a tunnel after a period of inactivity when connected to a concentrator.

CSCdu01657

The maximum segment size value for the VPN client has been reduced to 0x0550 (1360) bytes to allow a safety margin for web servers that do not reduce the maximum transmission unit (MTU) of outgoing traffic.

CSCdu61150

The VPN client now passes packets larger than 1300 bytes when it establishes a connection using a Mac PoET PPPoE client from Windriver.

Caveats Fixed in Version 5.0.3

CSCdr64115, CSCdt29242

The VPN client now manages the TCP MSS value and requires the server to send properly sized packets which can be tunneled from the concentrator to the VPN client.

CSCds85478

The VPN client window now correctly displays after you close and then reopen it.

CSCds86954

When a workstation with a VPN client is connected through a tunnel, other local workstations on the network can ping the workstation successfully. Although a ping from a local workstation reaches the workstation, any other type of traffic from the local network is silently discarded. This behavior raises no IP security issues and is not detrimental to the IP security or reliability of the VPN client connection.

CSCds87962

The VPN client now properly times out a connection attempt to the primary server and tries to connect to the secondary server if the primary server does not respond.

CSCds90236

The VPN client no longer attempts to prepare or write debug statements to a file at the improper time.

CSCdt09163

The message which prompts the user to quit all other applications during the installation process has been reworded.

CSCdt09209, CSCdt09221, CSCdt10158

The readme file has been changed from a text file, which can be modified by the user, to a ttro file, which cannot be modified. The release notes in the readme file have also been updated.

CSCdt20750

In the message window of all install programs of the VPN client, the version number is now included as the first line.

CSCdt36366

The VPN client Timestamp functions are no longer called at improper times (which caused the VPN client to become inoperable in rare occurrences).

CSCdt70396

The Mac OS no longer becomes inoperable when the concentrator sends a reset packet back to the VPN client after you have disconnected from the concentrator.

CSCdt71767

The VPN client now sends the correct minimum version information to the concentrator so that the concentrator can disallow any VPN client that does not meet the MinimumVersion variable specified by the VPN Group parameter in the concentrator.

Caveats Fixed in Version 5.0.0

CSCdr64115

Using an Apple Directory DA with the VPN client for Mac OS with NAT transparency turned on no longer requires that packets be fragmented before you send them through the VPN tunnel.

CSCdr99253

The Macintosh is now able to be placed into sleep mode so that the VPN client can stay connected to a concentrator.

CSCdr78540

The RADIUS authentication password dialog box now correctly asks for the password instead of the username.

CSCds11351

The Login window is no longer positioned beyond the visible portion on multiple-monitor configurations. The coordinates of the main VPN client window are now checked and adjusted.

CSCds90274

The VPN client no longer conflicts with the Mac operating system due to debug facilities that remained from previous versions. Previously, this conflict caused the operating system to crash, and Macsbug could not write a standard log when the Mac OS crashed.

Caveats Fixed in Version 4.2.x

CSCco01093

The VPN client now allows duplicate login names on the Configuration tab of the VPN Client window if the primary servers are different for each login name.

CSCco01132

The shared key entered by a user no longer remains in the VPN client after a failed connection attempt. Each subsequent user is now prompted for a shared key.

CSCdr30594

An Apple laptop awakening from sleep mode no longer loses its tunnel connection from the concentrator. The VPN client now reestablishes its connections, or quits if it fails to reestablish the connection.

CSCds11319

The preferences you select in the VPN Client window, such as the window position and column widths, are now saved after you reinstall the VPN client.

The following caveats fixed in Version 4.2.x are not assigned corresponding caveat numbers in the Cisco DDTs.

The user is now able to select a login from the list on the Configuration tab of the VPN Client window without having the horizontal slide bar in the zero position.

The vpnsession.log file is now formatted so that it can be easily read by a simple text application.

User certificates can now be validated against the list of root certificates imported into the VPN client.

Caveats Fixed in Version 3.8.x

The following caveats fixed in Version 3.8.x are not assigned corresponding caveat numbers in the Cisco DDTs.

When a SecurID login attempt fails or is canceled and there is a secondary server in the login configuration, you now have the option to reconnect, attempt a connection to the secondary server, or cancel.

You can now store the VPN client files in the Preferences or Extension folders as long as they are located in the System Folder. Also, you are no longer required to keep the System Folder at the root level of the System disk.

Caveats Fixed in Version 3.7.x

The following caveats fixed in Version 3.7.x are not assigned corresponding caveat numbers in the Cisco DDTs.

You no longer lose the saved shared secret if the VPN client must fail over to the secondary server in your configuration.

If the primary server in your login configuration does not respond within the allotted time period, you now have a choice to attempt to reconnect or to attempt a connection with a secondary server.

A default login configuration always exists unless the list is empty, or unless no default entry is specified in the preferences file created by an earlier version of the VPN client.

The VPN client no longer allows either of the Auto-Connect check boxes on the Configuration tab of the VPN Client window to be enabled if there is no default login configuration specified.

The VPN client now times out properly and terminates a connection if the concentrator is no longer passing traffic or not responding to the tunnel initiation requests.

Statistics now properly appear when you use the VPN client with Mac OS Version 9.

The Tunnel Appletalk check box has been removed from the Configuration tab of the VPN Client window.

Caveats Fixed in Version 3.6.x

The following caveats fixed in Version 3.6.x are not assigned corresponding caveat numbers in the Cisco DDTs.

The ability to save secrets now works correctly even if the user disconnects in the middle of a connection attempt.

The VPN 5000 Client Preferences file is now correctly created, accessed, read, and written as long as the folder exists on the Macintosh computer that is running the VPN client.

If you shut down your computer during an established tunnel connection, the VPN client now closes the tunnel properly.

A write-to-nil error no longer appears in the Macsbug or Even Better Bus Error applications while attempting to establish a VPN tunnel with a concentrator.

The VPN client now tunnels DNS packets even when the Exclude Local LAN option is enabled.

You can now use blank spaces in keywords in the VPN User section of the VPN 5000 Client Preferences file.

Caveats Fixed in Version 3.3.x

The following caveats fixed in Version 3.3.x are not assigned corresponding caveat numbers in the Cisco DDTs.

Problems with editing or adding a new login configuration are resolved.

The CSC IPAP INIT file no longer causes an error at startup.

The VPN client now presents a message window to notify you if you lose an established tunnel with the server.

Open Caveats

The following sections list known issues for the Cisco VPN 5000 client software Version 5.2.2 for Mac OS.

Open Caveats for Classic Mac OS

This section lists open caveats for the VPN client Version 5.2.1 release for Mac OS.

CSCdv85216

You cannot establish SSH connections through the VPN tunnel when you are using a VPN client for Mac OS. However, you can establish SSH connections to an F-Secure server if there is no VPN tunnel.

No workaround.

CSCdw24047

If you are using the VPN client and the system enters sleep mode, the VPN client becomes inoperable and you must reboot the operating system after you awaken your system.

No workaround.

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL:

http://www.cisco.com

Translated documentation is available at the following URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to:

Streamline business processes and improve productivity

Resolve technical issues with online support

Download and test software packages

Order Cisco learning materials and merchandise

Register for online skill assessment, training, and certification programs

You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Inquiries to Cisco TAC are categorized according to the urgency of the issue:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:

http://www.cisco.com/register/

If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.