Table Of Contents
Release Notes for the Cisco VPN 5000 Client Software Version 5.2.8 for Solaris
Caveats Fixed in Previous Releases
Caveats Fixed in Version 5.1.5
Caveats Fixed in Version 5.1.1
Caveats Fixed in Version 5.0.11
Caveats Fixed in Version 5.0.8
Caveats Fixed for SPARC Solaris
Open Caveats for Intel Solaris
Obtaining Technical Assistance
Release Notes for the Cisco VPN 5000 Client Software Version 5.2.8 for Solaris
September 12, 2002
These release notes provide information about the Cisco VPN 5000 client software Version 5.2.8 for the SPARC Solaris and Intel Solaris operating systems. These release notes are updated as needed to describe new and changed information, caveats, and documentation updates.
Contents
This document contains the following sections:
• Caveats Fixed in This Release
• Caveats Fixed in Previous Releases
• Obtaining Technical Assistance
Caveats Fixed in This Release
The following sections describe caveats fixed in VPN 5000 client software Version 5.2.8 for Solaris.
• CSCdy20065
The open_tunnel and close_tunnel processes no longer fail when you use the -d command option and enter an invalid network interface name. For more information, see http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml.
Caveats Fixed in Previous Releases
The following sections list caveats fixed in previous releases of the VPN 5000 client for Solaris.
Caveats Fixed in Version 5.1.5
• CSCdt78115
When you connect to a VPN group that has the AutoReconnect option configured, the VPN client for Solaris now disconnects from the concentrator when it is restarted.
• CSCdt81839
When you use the VPN client for Solaris with a PPP connection in Main mode, the concentrator no longer displays a "WRONG PACKET HERE PAYLOAD=5" message and Error 256. The VPN client no longer times out because the concentrator stops attempting to make the connection.
• CSCdu33463
When you enter the -n (fTCP enabled) flag on the command line, you enable NAT Transparency for the active session only and the UsefTCP keyword in the configuration is no longer automatically set to TRUE. To set all sessions to use NAT Transparency, manually change the UsefTCP keyword in the configuration file.
• CSCdv02607
The VPN client now searches for a lost connection for the proper duration of time before it terminates a connection with a concentrator.
Caveats Fixed in Version 5.1.1
• CSCdt27263
If you use the mget command while a VPN tunnel is established, you no longer lose the ability to send packets using FTP.
• CSCdt85193
The VPN client for Intel Solaris no longer becomes inoperable when you attempt to establish a tunnel configured to use NAT transparency. Previously, this occurred using an Ethernet connection with Solaris Version 8.
• CSCdu30155
Normal VPN client user accounts are now able to communicate with VPN devices over an Ethernet connection.
Caveats Fixed in Version 5.0.11
• CSCdr28631
The Cisco VPN 5000 Solaris client now successfully connects to the concentrator if you have a VPN Group defined without an IPNet value.
• CSCdt09685
If you use an Ethernet connection to establish a VPN tunnel using SPARC Solaris Version 8, the operating system no longer stops working.
• CSCdt52058
The VPN 5000 client for SPARC Solaris no longer tunnels all traffic when using IPNet=0.0.0.0/1.
Caveats Fixed in Version 5.0.8
• CSCds62607
A VPN client for Solaris that is configured to use NAT transparency now encapsulates packets in fTCP for all concentrators.
Caveats Fixed for SPARC Solaris
The following caveats have been fixed in the VPN client for SPARC Solaris. They are still known issues in the VPN client for Intel Solaris. See the "Open Caveats for Intel Solaris" section for more information.
• CSCdt28570
This problem occurred with Solaris Version 2.6.
When you configure the VPN client for Solaris with interface ipdptp0 over a PPP connection, the client is now able to establish a connection. If you configure the VPN client for Solaris with interface hme2 or -d hme2, you can establish a connection and pass traffic.
• CSCdt51703
During installation, the VPN client now creates the necessary folder /etc/Intraport Client/certificates/requests and a "can't open out file" message no longer appears when you attempt to make a certificate request using SCEP.
• CSCdv29541
When you issue the close_tunnel command, the VPN client now searches for a ps command to execute instead of executing the first command that resides in the directory defined in the $PATH variable.
Open Caveats
This section lists known issues for the Cisco VPN 5000 client software Version 5.2.8 for Solaris.
• CSCdv50258
A VPN client for Solaris 8 using the native PPPoE or PPP interfaces fails to connect to a VPN 5000 concentrator because the VPN traffic is not properly encrypted before the traffic passes through the PPP interface.
No workaround.
Open Caveats for Intel Solaris
The following open caveats apply only to the VPN client for Intel Solaris. These caveats have been fixed in the VPN client for SPARC Solaris. See the "Caveats Fixed for SPARC Solaris" section for more information.
• CSCdt28570
The following problem occurs with Solaris Version 2.6:
– If you configure the VPN client for Solaris with interface ipdptp0 over a PPP connection, the client is unable to establish a connection.
– If you configure the VPN client for Solaris with interface hme2 or -d hme2, you can establish a connection, but the client does not pass traffic. This problem occurs because the ipdptp stream does not exist when the normal boot time autopush command is executed.
Workaround: Manually execute the autopush command to allow the ipdptp stream to be created before the boot time autopush occurs.
To manually execute autopush:
a. Create a file named /etc/ppp.ap, which contains the following single line:
ipdptp -1 0 vpnmod
b. Obtain superuser privileges.
c. Issue the following command:
autopush -f /etc/ppp.ap
• CSCdv29541
The VPN client does not call the full path (for example, /bin/ps) when you issue the close_tunnel command. The VPN client calls the command that first resides in the directory defined in the $PATH variable. If another command resides in $PATH before /bin/ps, the VPN client executes the first command instead.
Workaround: Make sure that /bin/ps is the first directory listed in your $PATH.
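The following is an added example, not Cisco code, for the two CSCdv29541 entries (fixed for SPARC Solaris, open for Intel Solaris): it walks a PATH string the way a bare-name lookup does and reports which ps would run before you issue close_tunnel. The function name audit_lookup and its message strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Cisco code. audit_lookup and its messages are names chosen here.
# audit_lookup CMD TRUSTED PATHSTRING
#   Walks PATHSTRING the way a bare-name lookup does and reports what CMD resolves to.
#   Returns 0 only if CMD resolves to TRUSTED and no relative or empty entry
#   (meaning the current directory) is searched first. TRUSTED is compared as a
#   string, so give it as it would appear through PATH (symlinks are not resolved).
audit_lookup() {
    cmd=$1 trusted=$2 rest="$3:" status=0 found=
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            /*) ;;
            *)  echo "RISK: relative or empty PATH entry '$dir' is searched early"
                status=1
                [ -n "$dir" ] || dir=. ;;
        esac
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            found=$dir/$cmd
            break
        fi
    done
    if [ -z "$found" ]; then
        echo "RISK: no executable '$cmd' found on PATH"
        return 1
    fi
    if [ "$found" != "$trusted" ]; then
        echo "RISK: bare '$cmd' runs $found, not $trusted"
        return 1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: bare '$cmd' runs $trusted"
    fi
    return "$status"
}

# Optional command-line use: sh audit.sh "$PATH" [/bin/ps]
if [ "$#" -ge 1 ]; then
    audit_lookup ps "${2:-/bin/ps}" "$1"
fi
```

Run it as the account that issues close_tunnel, because the PATH of that account is the one the lookup uses.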
Limitations
This section lists limitations for the VPN 5000 client software Version 5.2.8 for Solaris.
• CSCds56269, CSCdv29579
If the open_tunnel process is killed using the kill -9 command, the open_tunnel process terminates, but the driver remains in an inconsistent state causing the VPN client to continue tunneling packets.
Workaround: Use the close_tunnel command to terminate the open_tunnel process and reset the driver.
The following limitation applies only to the VPN client for SPARC Solaris.
• If you configure the VPN client for Solaris to use certificates over a PPP connection, local LAN traffic is always excluded, even when your configuration is set to include local LAN traffic.
Workaround: Set up the VPN routes so that all traffic flows through the PPP interface.
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following URL:
Translated documentation is available at the following URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
• Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/public/ordsum.html
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to
• Streamline business processes and improve productivity
• Resolve technical issues with online support
• Download and test software packages
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs
You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:
Technical Assistance Center
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Inquiries to Cisco TAC are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:
All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:
http://www.cisco.com/register/
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.
Copyright ©2002, Cisco Systems, Inc.
All rights reserved.

