HP Sa3110 - VPN Server Appliance Release Notes page 27

Release 6.8.2 Release Notes
The same case holds true to a network in a VLSM class; a
net-include of 192.168.200.0/24 and an exclude statement of
192.168.200.128/25. Logically speaking, all traffic from the
lower half of the 192.168.200.0 network should be
permitted, while the upper half of the network should be
denied. This, however, is not the case.
VPN Client for Windows 2000
Reconnection May Fail
Reference Number 548P
If the VPN tunnel is reconnected, it may fail to obtain its IP
and WINS information after successful authentication. If
the scenario is repeated with the VPN Client being logged
off before the PPTP session is initiated, then the result is
still the same.
To work around this problem, reboot the client
Certain Characters in Distinguished
Names Not Accepted
Reference Number 104218DF
The VPN Client does not accept certain characters for
distinguished name information.
Given the following sequence of events:
•
Set up an Entrust server to provide a VPN Client PC
with a certificate in which one of the fields of its
distinguished name is surrounded by quotation marks
and contains a comma.
•
Create a remote-group IKE tunnel using Entrust CA
authentication, and adjust the device's ACL to match
by distinguished name.
•
Once the VPN Client successfully logs into the Entrust
server, attempt to negotiate the tunnel.
The VPN Client should successfully match with the ACL on
the device, but the device reports as follows:
[ipsec]: ike aggressive mode packet
received from 10.250.2.254, port 500
[ipsec]: INVALID_CERTIFICATE from
27