57
Release Notes for VPN Client, Release 4.0 through Release 4.0.5.D
OL-5450-10
Open Caveats
Workaround:
Use Time Lifetime on the VPN 3000 Concentrator.
• CSCec18923
After the Cisco VPN Client is connected, the PC stops receiving the local
multicast traffic. The “Allow Local LAN Access” check box is checked, and
the multicast addresses are also included in the bypass list on the VPN 3000
Concentrator.
• CSCec20680
The ForceNetLogin feature might not work properly with Entrust Intelligence
client version 6.1.
• CSCec22783
VPN Client sends the first ESP packet after IKE negotiation is successful
using an SPI number that doesn't exist. Then the central-site Concentrator
sends back a delete notification, which the client ignores because the SPI
doesn't actually exist in the VPN Client. This does not affect any functions.
• CSCec30347
A customer installed an RSA Keon CA server with root and subordinate CA.
When we are using the VPN Client, Release 3.1 with the certificates, we can
connect to VPN 3000 Concentrator running either 3.x or 4.0.1D
(Concentrator code does not matter).
Once I upgrade the VPN Client to 3.6.x or 4.0.x, I can no longer get a
connection to VPN 3000 Concentrator.
I play around all the settings including “check uncheck CA chain” on the
Client end, as well as the Concentrator end, “Certificate Group Matching”,
IKE group 1 or group2, no matter what I do, it does not work.
Workaround:
Downgrade the VPN client to 3.1.
• CSCed05004
With the VPN Client, Release 4.0.x installed on a Windows XP (tablet
edition) system, whenever the VPN dialer is opened we get an error “System
Error: IPC Socket allocation failed with error ffffffff8h” and then it cannot go
out to the DHCP server and get an IP address.