Cisco Cisco ASA 5520 Adaptive Security Appliance Notas de publicación
2
Release Notes for the Cisco ASA Device Package Software, Version 1.2(5.21) for ACI
Supported ASA Models
Supported ASA Models
The following table lists the supported ASA models.
Supported APIC Versions
Cisco ASA Device Package Software supports only the version of APIC that it is shipped with.
New Features in 1.2(5.21)
Three caveats were resolved in release 1.2(5.21). For details, see the
New Features in 1.2(5.5)
This release includes support for Cisco TrustSec.
Cisco TrustSec enables you to avoid the extensive manual maintenance required for traditional network
segmentation, which uses VLANs and access control lists (ACLs) that are based on IP addresses. Cisco
TrustSec simplifies network segmentation by dynamically organizing machines into logical groups,
called security groups, and enabling security policies to be written using security group tags.
segmentation, which uses VLANs and access control lists (ACLs) that are based on IP addresses. Cisco
TrustSec simplifies network segmentation by dynamically organizing machines into logical groups,
called security groups, and enabling security policies to be written using security group tags.
Cisco TrustSec uses the Cisco Identity Services Engine as a centralized policy management platform to
gather contextual data about who and what is accessing your network. You can then use this information
to create security groups and to assign access rights based on role, function, location, and other criteria.
For more information about Cisco TrustSec, see
gather contextual data about who and what is accessing your network. You can then use this information
to create security groups and to assign access rights based on role, function, location, and other criteria.
For more information about Cisco TrustSec, see
.
The following support for the Cisco TrustSec functionality is included in ASA Device Package 1.2(5):
•
AAA server group - Configures the AAA server parameters for the ASA to communicate with the
ISE server.
ISE server.
–
Server group used for environment data retrieval, specifically the Security Group table from ISE
•
Configuring the Security Exchange Protocol (SXP) involves enabling the protocol in the ASA and
setting the following values for SXP:
setting the following values for SXP:
–
The source IP address of SXP connections and SXP peer IP address and their role
–
The authentication password between SXP peers
–
The retry interval for SXP connections
–
The Cisco TrustSec SXP reconcile period
ASA Model
Software Version
ASA 5500-X (5512 through 5555)
ASA software Version 8.4(x) and later
ASA 5585-X
(SSP 10 through SSP 60)
ASAv