83
Release Notes for VPN Client, Release 4.0 through Release 4.0.5.D
OL-5450-10
Caveats Resolved in Release 4.0
The level for this message should be changed and this file should probably be
documented.
Caveats Resolved in Release 4.0
This section lists the caveats fixed since Release 3.6.3 (Windows) or Release 3.7.2
(Linux, Solaris, and Mac OS X). If you have an account on CCO you can check
the status of any caveat by using Bug Navigator II.
To reach Bug Navigator II on CCO, choose Software & Support: Online Technical
Support: Software Bug Toolkit or navigate to
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
• CSCdt42661
When using the VPN Client behind an ESP-aware NAT/Firewall, the port on
the NAT/Firewall device may be closed due to the VPN Client’s keepalive
implementation, called DPD (Dead Peer Detection). When a Client is idle, it
does not send a keepalive until it sends data and gets no response.
Refer to “Connection Profile Configuration Parameters” in the VPN Client
Administrator Guide for a detailed description of creating profiles.
• CSCdv64330
The VPN client cannot connect using digital certificates issued from an RSA
Keon CA if the “Send CA certificate chain” option is selected. The feature
defaults to disabled.
• CSCdw61796
The Cisco VPN Client fails to connect while configured for digital certificates
and posts the following error in the Log Viewer:
“Get certificate validity failed”
Some of the reasons this event could have occurred are:
–
The received certificate has an incomplete chain.
–
The received certificate is either expired or not valid yet. Check the time
on the certificate.