Cisco Cisco ASA 5512-X Adaptive Security Appliance Release Notes
15
Release Notes for the Cisco ASA 5500 Series, Version 8.2(x)
New Features
lists the new features for ASA Version 8.2(3).
New Features in Version 8.2(2)
Released: January 11, 2010
Table 11
New Features for ASA Version 8.2(3)
Feature
Description
Hardware Features
Support for the Cisco
ASA 5585-X with
SSP-20 and SSP-60
ASA 5585-X with
SSP-20 and SSP-60
Support for the ASA 5585-X with Security Services Processor (SSP)-20 and -60 was introduced.
Note
The ASA 5585-X is not supported in Version 8.3(x).
Remote Access Features
2048-bit RSA certificate
and Diffie-Hellman
Group 5 (DH5)
performance
improvement
and Diffie-Hellman
Group 5 (DH5)
performance
improvement
(ASA 5510, ASA 5520, ASA 5540, and ASA 5550 only) We strongly recommend that you enable
hardware processing instead of software for large modulus operations such as 2048-bit certificates
and DH5 keys. If you continue to use software processing for large keys, you could experience
significant performance degradation due to slow session establishment for IPsec and SSL VPN
connections. We recommend that you initially enable hardware processing during a low-use or
maintenance period to minimize a temporary packet loss that can occur during the transition of
processing from software to hardware.
hardware processing instead of software for large modulus operations such as 2048-bit certificates
and DH5 keys. If you continue to use software processing for large keys, you could experience
significant performance degradation due to slow session establishment for IPsec and SSL VPN
connections. We recommend that you initially enable hardware processing during a low-use or
maintenance period to minimize a temporary packet loss that can occur during the transition of
processing from software to hardware.
Note
For the ASA 5540 and ASA 5550 using SSL VPN, in specific load conditions, you may
want to continue to use software processing for large keys. If VPN sessions are added very
slowly and the ASA runs at capacity, then the negative impact to data throughput is larger
than the positive impact for session establishment.
want to continue to use software processing for large keys. If VPN sessions are added very
slowly and the ASA runs at capacity, then the negative impact to data throughput is larger
than the positive impact for session establishment.
Note
The ASA 5580/5585-X platforms already integrate this capability; therefore, crypto engine
commands are not applicable on these platforms.
commands are not applicable on these platforms.
The following commands were introduced or modified: crypto engine large-mod-accel, clear
configure crypto engine, show running-config crypto engine, and show running-config crypto.
configure crypto engine, show running-config crypto engine, and show running-config crypto.
Also available in Version 8.3(2).
Microsoft Internet
Explorer proxy
lockdown control
Explorer proxy
lockdown control
Enabling this feature hides the Connections tab in Microsoft Internet Explorer for the duration of
an AnyConnect VPN session. Disabling the feature leaves the display of the Connections tab
unchanged; the default setting for the tab can be shown or hidden, depending on the user registry
settings.
an AnyConnect VPN session. Disabling the feature leaves the display of the Connections tab
unchanged; the default setting for the tab can be shown or hidden, depending on the user registry
settings.
The following command was introduced: msie-proxy lockdown.
Trusted Network
Detection Pause and
Resume
Detection Pause and
Resume
This feature enables the AnyConnect client to retain its session information and cookie so that it
can seamlessly restore connectivity after the user leaves the office, as long as the session does not
exceed the idle timer setting. This feature requires an AnyConnect release that supports TND pause
and resume.
can seamlessly restore connectivity after the user leaves the office, as long as the session does not
exceed the idle timer setting. This feature requires an AnyConnect release that supports TND pause
and resume.