|| || |||| |||| ..:||||||:..:||||||:.. || || C I S C O Readme file ========================================================================= Revisions: 5.0.07.0410 Files: vpnclient-win-msi-5.0.07.0410-k9.exe - Windows 2000, XP, Vista, Windows 7 - 32bit only. PREREQUISITE: Windows Vista users, ensure you have installed: Windows6.0-KB952876-x86.msu Advisory: The client requires a kernel patch, KB952876, from Microsoft before installing the actual client. It is also suggested that Service Pack 2 for Vista be installed. REF: http://support.microsoft.com/kb/952876/en-us VPN Client takes longer to connect on Vista compared to XP. This is due to new features in Vista. The Cisco VPN Client for Windows Vista and Windows 7 does NOT support the following: * System upgraded from Windows XP to Vista or Windows 7 (clean OS installation required). * Start Before Logon * Integrated Firewall - See workaround below. * InstallShield * 64bit support * AutoUpdate * Translated Online Help - Provided only in English If you are experiencing a BlueScreen on XP related to the VPN client built-in Firewall client, please follow the workaround below. Known Issues: CSCtj25702 Windows GINA shows BEFORE VPN GINA in one case w/SBLWaitForVPNConnection CSCsf10635 unity client disconnect-verizon evdo/at&t 3G card changed ip . CSCsi25985 unity vista: user not prompted to reconnect after sleep or hibernation CSCsi26001 unity xp-vista: reauth on rekey with saved password causes disconnect CSCsi26020 unity vista: firewall tab under stats still shows CSCsi26050 unity vista: installshield packge does not work on vista CSCsi26069 unity vista: error 1721 when installing client on vista 64bit CSCsi26086 unity vista: upgrading from xp to vista not supported CSCsi26159 unity vista: bsod during install/uninstall/sleep with active ras CSCsi26229 unity vista: integrated firewall not installed on vista CSCsi35107 unity vista: start before login “sbl” not functioning CSCec02663 Auto Initiation fails on 9x/Vista on boot up Resolved Issues: 5.0.7.0410 CSCti92867 - SBL: Stop establishing VPN by prompt pressing Ctrl+Alt+Del for winlogon CSCti49867 - SBL: Packets not encrypted if VPN is established during Windows logon - add 2 new registry keywords to hklm\software\cisco systems\vpn client: * DWORD SBLWaitForVPNConnection - tells the GINA will wait for VPN Connection before handing control back to user to continue Windows logon * DWORD SBLWaitForVPNConnectionTimeout - (optional) timeout in seconds of SBLWaitForVPNConnection loop, default is 4 mins NOTE: If SBLWaitForVPNConnection is not set, then the GINA behaves like it has in the past. But if SBLWaitForVPNConnection is set, then it will hang the GINA until a) a vpn connection is completed or b) the timeout value is reached. Resolved Issues: 5.0.7.0290 CSCtd08761 PC reboots if physical link is disrupted during a VPN connection CSCsr08760 VPN client does not handle IP option properly under Vista CSCsr11437 IGMP packets from the Vista discovery service are getting encapsulated CSCtb85181 VPNClient 5.0.04.0300 will not connect to headend if PCF is read only CSCta07697 SetMTU needs to support Dial-Up Networking on Vista. CSCta96341 ENH: unity client with SBL shows error message with firewall detected CSCtb00682 VPN Client can't connect for certain period after forcibly termination 5.0.6.0160: CSCsv22636 IPsec Client 5.0.4.300 passwd-mngt shows New Pin/Confirm Pin prompts CSCta06006 Client can't connect using a Cert > or = 1024 with send CA Cert Chain CSCsz35825 CVPNVista failed re-bind to port 500 in a vpn load balancing setup ikep1 CSCsz49276 Cisco VPN Client Local crash on "cvpnd.exe" CSCsz59373 IPSec Driver (CVPNDRVA.sys) proof of concept crash CSCta78716 IPSec Client GUI crashes when Microsoft KB 956607 is applied CSCsz97108 Client uninstall locks up (stops) and cannot be canceled- needs reboot CSCsz46795 Vpn client Local LAN route pointing to vpn adapter is not added CSCsw69455 unity cli missing domain prompt when using radius with password expiry CSCsw64279 unity clients should not save password when password storage not enabled CSCsw37419 VPN Client 5.04 - 4096 bit cert fails to connect CSCsx20992 unity windows msi installer fails on low resolution displays < 600 5.0.5.0290: CSCsu65674 Misleading prompt when the Radius challenges the Client CSCsu82761 Vista VPN client with smartcard fails with error : 0x80090016 CSCsv46168 vpn client uninstall with SBL enabled causes user logon failure CSCsu70312 Windows VPN Client - Incorrect Cert match when using "CertMatchEKU" CSCsr60635 VPNC 5.0: Wildcard CertMatchDN: No disconnect when smartcart is removed. CSCso09581 System blue screens after undocking with CSSC 5.1 and VPN 5.0.01.0600 CSCso05782 Vista VPN client disconnect after few minutes - DPD enabled - IOS/ASA CSCsu41509 Cisco VPN Client- vpnclient.ini are not copied during installing CSCsu33397 Vista BSOD with VPN Client and Adobe Active File Monitor CSCsl75249 VPN client 5.x unable to download msie-proxy for Auto detect settings 5.0.04.0300: CSCsr01405 Profile files (.pcf) are corrupted after machine resume from sleep state CSCso94244 Profile file (pcf) is getting corrupted. CSCsr61237 VPN Client crashes when connecting to IOS using IKE Fragmentation CSCsq24532 unity windows vista fails to install profiles if install dir hyphenated CSCsq07756 unity client FRB datakey logout feature does not work with new safenet s CSCsi80703 unity vista addroute fails to add default route but still works CSCeh14815 If dashes are in path, pcf and ini files arent copied by MSI. CSCdz63183 Stateful FW traffic blocked w/new adaptor CSCsk15696 unity windows fails with entrust certs because expired CSCso44260 Vista Client Reason 403 Error and IP address conflict CSCsm82775 unity windows reauth on rekey with cert on smart card fails CSCsk53947 Vista: VPN Client fails optional FW check CSCsi82396 Linux VPNclient fails to import chained certificates when using SCEP CSCsr09537 VPN client with Vista UAC enabled: some smartcards dont work CSCsq60453 Some action caused content deletion of vpnclient.ini file CSCsq50281 VPNclient 5.0.3 windows ppp default gateway metric not incremented (bis) CSCsr04859 Client 5.0.3 with CAC and SBL does not use certificate store correctly 5.0.03.0560: CSCsq66183 unity: Vista netsh\WMI code unreliable REQUIRES: KB952876 CSCsq03188 Vista 32 bit hangs with VPN client 5.0.3 if connecting over dial-up PPP CSCso44260 Vista Client Reason 403 Error and IP address conflict 5.0.03.0530: CSCsl01951 Unitiy securid new pin mode fails to prompt when token is reassigned CSCsk21956 unity vista dad registry change for 442 crutch CSCsk64036 CVPN Client 5.0 - default gateway disappears in ipconf output CSCsm22120 VPN Client IPSec Driver local kernel system pool corruption CSCsm48457 unity vista certificate strong key high security import secure desktop CSCsl58301 vpn client 5.0.02.0090 takes 25 minutes to install w active directory ad CSCsl66524 Unity windows RSA SecurID new pin mode fails twice with invalid password CSCso79625 unity vista: client won't connect after hard power reset CSCso33820 unity vista beta routing persistent routes CSCso28380 unity vista sleep causes reboot or blue screen CSCso31614 Unity windows: Need to put the change to reset smart card PIN back. CSCsl22039 User failed authentication with error code 413 after new PIN was entered CSCsi45962 unity vista novsdata replacement for stateful firewall zone install CSCsi26106 unity vista: reason 442: failed to enable virtual adapter CSCsj87763 Vista: ping fails to the physical IP address when using Local LAN access CSCsj89258 unity windows cli user and invalid password causes prompt hang CSCsi25954 unity vista: certificate authentication via smartcards are not supported CSCsk52566 unity windows ppp default gateway metric not incremented CSCsa74320 Profile files (.pcf) are corrupted if machine hangs CSCsk25287 unity windows dne upgrade again to version 3.21.7 CSCsk37470 unity: unable to upgrade from InstallShield install to MSI install Workarounds for Vista: Error 412: The remote peer is no longer responding Upgrade local NAT device's firmware If this is not possible, switch to TCP If this is not possible, use the following keyword in connection profile (*.pcf):UseLegacyIKEPort=1 CAVEAT: If you are using Domain Isolation, customer will not be able to use the UseLegacyIKEPort keyword as this conflicts with Microsoft’s domain isolation. Previous Release: Release 5.0.07.0290 Contents: - See Release Notes for Release 5.0 at: http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_notes_list.html