Version 3.7 beta
Section VI: Hints and Tips
Section VII: VPNmanager Documentation Addendum
Section VIII: Contacting Avaya Technical Support
Section I: New Features and changes in release 3.7
1. Support for fully qualified domain names (FQDN) for IP Telephony.
2. Support for the CLAN list to accommodate 20 entries.
3. Support for Traceroute configuration in Failover
4. Support for Keep Alive and Trace route criteria configuration.
5. Support for Device diagnostic report on VPNmanager.
6. VPNos MIB support enhancement on VPNmanager
7. Support for H.323 (VoIP) enhancements including LRQ configuration
8. Support for FQDN for CLAN addresses
9. Support for Converged Network Analyzer improvements
Section II: Requirements and compatibilities
1. Microsoft Windows 2003 server and advance server with NTFS
2. Microsoft Windows 2000 Server and Advance Server SP2 with NTFS
3. VPNos 3.2.x, 4.2.34 and above.
4. Solaris Version 9 (SPARC(r) Platform Edition) and above
5. Microsoft Windows XP
Section III: Fixes in Release 3.7
1. Resolved the issue when 'Allow remote client to contact extranet device'
was unchecked, a client was still able to CCD to the extranet device.
Reference# 2888
2. When the Refresh button in High Availability tab is clicked, now the
Active/Passive Status will get refreshed. Reference# 3181.
3. Resolved issue where the split tunnel configuration was not downloaded to
VSU. Reference# 4184.
4. Resolved issue so monitoring active sessions of the VSU configured for HA,
will now report traffic correctly. Reference# 3166
5. If an IP device is created on a VSU running VPNos 4.2 and the user selects
another VSU and saves it and then goes back to the first VSU and clicks
refresh, the IP device configuration will be saved. Reference# 4629.
6. Resolved issue when in large domains when the Policy tab is selected and the
"go" button is selected, a popup window listing all VSU object would appear.
7. The issue when the Device Setup Wizard window would take 30 seconds to close
has been resolved.
8. Resolved issue in large domains when an IP group is selected a popup window
listing all IP groups would display.
9. Resolved issue where the option to set the Media to 100Mbps half duplex was
missing.
10. Resolved issue when the SG device interface tab is opened and then the 'OK"
is clicked on, the error message "QOS bandwidth should not exceed more than
100mbs" will no longer be displayed.
Reference # 6735.
11. Resolved issue of the PPPoE user name and password would be removed when
updating a device where the public interface is in PPPoE mode.
Reference # 7071
12. Fixed the issue when the message "Entry Already Exists" is displayed.
This causes the problem of the users in a VPN being saved twice either by
removing or by adding to the VPN. This affects the creation of the entry
Key blocks in the dataabase. Reference # 7096.
13 Fixed the symptom of "Entry Already Exists" problem when the data is
migrated from 3.3 to 3.4 or 3.3 to 3.5 with respect to removing/adding users
in the VPN. Reference # 7086
14. Resolved issue When upgrading VPNmanager 3.3 that had Firewall rules set to
high to 3.5.x VPNmanager or later, the following rules will be part of the
template. OutBoundSemiPrivateVPNAccess, Ike-out,Ike-avaya-out,
ipsec-nat-t-out.
This happens because they were not part of the 3.3 VPNmanager release.
Reference# 6771
15. Resolved issue when a service is created that has the character "\" as part
of the name, then create a firewall rule that is associated to this service.
The update VSU/SG will not fail for service not found. Reference# 6840
16. Resolved issue of VPNmanager console intermittently closing causing loss of
any unsaved configurations. Reference# 7549.
17. Resolved issue When a new user is created in a new domain on a Windows 2003
server causing the error message "error to add the new user" to be
displayed. Reference# 7981.
18. Resolved issue When High Availability is configured and enabled and the
public or private IP address is changed causing the SG device to memory
dump and reboot. Reference # 7975.
19. Resolved issue When creating a new user and enabling "Default User" check-box
on VPNmanager on Windows 2003, the error "Error while updating
UserAccountControl attribute for the new user. User may not be usable.
Please delete the new user and try adding it later" will be displayed." was
displayed. Reference# 8246
20. Resolved issue When creating a new device object and you the Enter name, select
Unknown for the public IP address then enter the private IP address and Mask of
255.255.255.240. The Private IP address mask is now displayed correctly.
Reference# 8265.
21. When the Device Account User is disabled, the "Use this as Default VPN
profile" setting now will get sent to the Security Gateway device.
Reference # 8472.
22. When configuring the Public-backup interface with VPNmanager On Solaris
Server, the Zone setting configuration box size is now sized correctly.
Reference # 8481.
23. When the check box to enable Web Interface access to the public interface is
selected, If user selects another screen before clicking on the "Save" button
the change will now be retained. Reference # 8509.
Section IV: Known Issues in VPNmanager 3.7
1. When the same Firewall template for the Domain and device level is applied by
the VPNmanager, duplicate firewall rules will be seen from the Web interface
and cannot be modified. Reference# 6948.
Workaround: Change the name of the firewall rule first, then the rule can be
modified.
2. When VTDR is configured from the Web Interface, then the configuration is
imported into the VPNmanager from the "Actions/Import Configuration option,
VTDR will not be imported since import of this feature is not supported.
Reference# 7460
Work around: Configure VTDR in the VPNmanager.
3. When the public-backup is configured with a static address, then changed to
DHCP. The interface pane will display the static address previously
configured. Reference# 8224.
Work around: None
4. If the VPNmanager is Installed on a PC running McAfee Desktop Firewall,
when vpnmanager is un-installed the console folder is not completely
cleaned up. Subsequent Installs of VPNmanger will succeed, but the Console
cannot be launched due to a locked vpnmgr3.bat file. Reference # 8253.
Work around: Remove McAfee Desktop Firewall or reboot the PC and re-install
VPNmanager.
5. If the VPNmanager console is open for an extented period of time and multiple
devices are upgraded simultaneously, some devices will fail to be upgraded
due to a Java out of memory error. Reference# 8131.
Work around: Increase the Java heap memory by placing "-Xmx100m" as the java
argument in the Avaya/VPNmanager/Console/vpnmgr3.bat on windows and
java -Xmx100m -classpath.... for Solaris in the vpnmgr3.sh file.
6. When upgrading from Engineering Temporary Fix version 3.4.40 to 3.7 beta,
installation of the Policy server will fail. Reference# 8258
Work around: Create a directory called "spm" under path:
Tomcat/webapps/securitymgr/WEB-INF/classes/ then copy some files under
that directory. Now perform the Upgrade.
7. When an MDAD device changes it's public address and tries to register it's
new address with the Policy server but the process fails, management of this
device will fail. Reference# 8262
Work around: Reboot the MDAD device to allow new IP address to be registered
to the Policy server.
8. On Solaris versions 9 and 10, some Voip configuration windows do not display
the full text correctly. Reference # 8502.
Work around: Manually enlarge the configuration window.
9. When in the Keep Alive screen, the VPNmanager auto save feature if
present screen is refreshed or left fails. Reference # 8470.
Work around: Before the screen is refresh or left, click on "Save"
10. When Active Directory is used and LDAP for authentication or for configuration
is selected, the VPNremote client will fail to connect. Reference # 7250.
Work around: If this feature is required, use the iPlanet directory server.
Section V: Upgrading to VPNmanager Version 3.7 and VPNos Version 4.6
NOTE: Beginning with VPNmanager 3.5, the Sun ONE directory server is no longer
included with the VPNmanager software, and is no longer part of the installation
process.
Prior to beginning the installation process, VPNmanager software requires a
previously installed directory server. VPNmanager is compatible with
Active Directory(2000 and 2003) and the Sun ONE directory server 5.1 and 5.2,
previously called the iPlanet directory server.
The VPNmanager 3.7 Configuration Guide with information about configuring
VPNmanager can be downloaded from the Product Document page of the Avaya Support
Web site at http://support.avaya.com.
WARNING: Do not uninstall your VPNmanager 3.x Server, otherwise
all VPN database information will be deleted.
Before performing the upgrade process, it is recommended
to backup the directory server data.
1. With the Avaya VPNmanager installation, follow the procedure listed in the
Installation Guide, "Upgrading Avaya VPNmanager" section.
2. When upgrading from VPNmanager 3.1 or 3.2 version to version 3.7, Install
the the VPNmanager 3.3.23 version first which will migrate all data to the
iPlanet directory server. Once completed perform the standard VPNmanager
3.7 installation process.
3. The VPNos upgrade procedure is provided in the VPNmanager
Administrator's Guide, Chapter 8, Configuring VSU Objects,
Upgrading a VSU's Firmware. Here are important additions:
1) After selecting a VSU Object in the Configuration Console
window, click the "Upgrade" tab, then click the "Upgrade
Firmware" button. Use the Open dialog box to navigate to
the directory where the firmware is located.
2) Select the "update.bin" file, then click "Open" to install
the firmware.
3) When the download is complete, a message box appears asking
"Do you want to Reboot?" Click "YES" to reboot the VSU.
4. When upgrading a SG 5/5x from VPNos 4.4 to 4.6 using the
the VPNmanager 3.7, follow standard upgrade procedures listed above
selecting the required 4.6 VPNos.
5. For the latest documentation please go to:
http://www.avaya.com/support
Section VI: Release 3.7 Hints and Tips
1. Installing VPNmanager 3.7: To enable a successful installation
of VPNmanager Console it is necessary to allocate a minimum of 160 MB of
free space on the installation drive. To enable a successful installation of the
VPNmanager Server, it is necessary to allocate a minimum of 250 MB of free
space on the installation drive.
2. VPNmanager provides support only for up to 31-character
usernames when using a RADIUS server for authentication
*and* local VSU configuration storage.
3. The following authentication/configuration source combinations
(under Edit->Preferences, Dyna Policy Authentication) are
supported in VPN domains with exclusively SKIP clients:
local authentication/local configuration
RADIUS authentication/local configuration
RADIUS authentication/RADIUS configuration
The following supported only on VPNos 3.x and only on iPlanet/ SunOne Directory server.
RADIUS authentication/LDAP configuration
LDAP authentication/local configuration
LDAP authentication/LDAP configuration
4. The following authentication/configuration source combinations
(under Edit->Preferences, Dyna Policy Authentication) are
supported in VPN domains with IKE clients, or both SKIP and
IKE clients:
local authentication/local configuration
RADIUS authentication/local configuration
RADIUS authentication/LDAP configuration
LDAP authentication/local configuration
LDAP authentication/LDAP configuration
5. VPNmanager HP Openview Integration: HP Openview is a tool
developed by Hewlett Packard for Network management. This
tool has an integrated set of network and system management
applications for controlling and administering heterogeneous
networks.
Integration procedure:
The integration process can be started from the
Start/Programs/VPNmanager/Openview Integration shortcut. The
administrator will be asked to point to a file under
<HPOpenview>/conf/oid_to_sym and open it. Then the
integration is done automatically.
Integration Results:
1. HP Openview will discover Avaya devices automatically
by showing nodes for the VSUs located in the network.
2. VPNmanager can be launched from HP Openview's Network
Node Manager console.
3. Customer can load the VPNet MIB on their Network Node
Manager.
Results of the integration:
Menu Item - The Menu Bar will now have a new item called
Avaya. This menu will have items to open the
Avaya home page, VPNmanager console.
Tool Bar - The tool bar will now have an additional item that
can start the VPNmanager console.
VSU icons - If there are any VSU's connected to the network,
they will be visible on the Network Node Manager
window. The color of the Node which holds the icon changes color
based on the connectivity to the VSU.
6. The xxxx_SOHO_upgrade.sup file contains the System Upgrade Package (SUP)
for upgrading the boot firmware image on the SOHO devices via the Web
interface and the VPNmanager. SUP's files are available for use in
VPNos 4.41.05 and higher.
The SUP's are loaded via the web interface in the same manner as the VPNos
images. In order to apply a SUP file via the VPNmanager, a version.txt is
not required.
Preferred process is first upgrade the VPNos to 4.5.51, then upgrade the
bootcode from either the Web Interface or the VPNmanager version 3.7.
Section VII: VPNmanager Documentation
http:\\support.avaya.com
Section VIII: Contacting Avaya Technical Support
Technical Support is available 24 hours a day, 7 days a week to
support contract holders of Avaya VPN products. Please use the
following to contact Avaya VPN support.
Avaya
1033 Murphy Ranch Road
Milpitas, CA 95035 USA
USA:
Phone +1-800-237-0016
E-mail vpnsupport@avaya.com
Global Support Site: http://support.avaya.com
EMEA (Europe Middle East Africa) Email: csctechnical@avaya.com
AP (Asia Pacific) Email: sgcoe@avaya.com
CALA (Caribbean And Latin America) Email: caladatasupp@avaya.com
Please go to the following internet website to optional regional
Avaya support contact numbers:
http://support.avaya.com/
"Navigate to drop down link named "Support" then select option "1 800 Support Directory"