Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module Documentation Roadmaps
New Features in Version 8.1
New Features in ASA 8.1(2)/ASDM 6.1(5)
Released: October 10, 2008
Description
Feature
Remote Access Features
This feature lets you enable the replacement of logon credentials for WININET
connections. Most Microsoft applications use WININET, including Internet Explorer.
Mozilla Firefox does not, so it is not supported by this feature. It also supports
HTTP-based authentication, therefore form-based authentication does not work with
this feature.
connections. Most Microsoft applications use WININET, including Internet Explorer.
Mozilla Firefox does not, so it is not supported by this feature. It also supports
HTTP-based authentication, therefore form-based authentication does not work with
this feature.
Credentials are statically associated to destination hosts, not services, so if initial
credentials are wrong, they cannot be dynamically corrected during runtime. Also,
because of the association with destinations hosts, providing support for an auto
sign-on enabled host may not be desirable if you want to deny access to some of the
services on that host.
credentials are wrong, they cannot be dynamically corrected during runtime. Also,
because of the association with destinations hosts, providing support for an auto
sign-on enabled host may not be desirable if you want to deny access to some of the
services on that host.
To configure a group auto sign-on for smart tunnels, you create a global list of auto
sign-on sites, then assign the list to group policies or user names. This feature is not
supported with Dynamic Access Policy.
sign-on sites, then assign the list to group policies or user names. This feature is not
supported with Dynamic Access Policy.
In ASDM, see Configuration > Firewall > Advanced > ACL Manager.
Auto Sign-On with
Smart Tunnels for IE
Smart Tunnels for IE
ASDM 6.1.3 (which lets you manage security appliances running Versions 8.0x and
8.1x) includes a link to the Entrust website to apply for temporary (test) or discounted
permanent SSL identity certificates for your ASA.
8.1x) includes a link to the Entrust website to apply for temporary (test) or discounted
permanent SSL identity certificates for your ASA.
In ASDM, see Configuration > Remote Access VPN > Certificate Management
> Identity Certificates > Enroll ASA SSL VPN head-end with Entrust.
> Identity Certificates > Enroll ASA SSL VPN head-end with Entrust.
Entrust Certificate
Provisioning
Provisioning
You can configure the security appliance to give remote users more time to enter
their credentials on a Phase 1 SA rekey. Previously, when reauthenticate-on-rekey
was configured for IKE tunnels and a phase 1 rekey occurred, the security appliance
prompted the user to authenticate and only gave the user approximately 2 minutes to
enter their credentials. If the user did not enter their credentials in that 2 minute
window, the tunnel would be terminated. With this new feature enabled, users now
have more time to enter credentials before the tunnel drops. The total amount of time
is the difference between the new Phase 1 SA being established, when the rekey
actually takes place, and the old Phase 1 SA expiring. With default Phase 1 rekey
times set, the difference is roughly 3 hours, or about 15% of the rekey interval.
their credentials on a Phase 1 SA rekey. Previously, when reauthenticate-on-rekey
was configured for IKE tunnels and a phase 1 rekey occurred, the security appliance
prompted the user to authenticate and only gave the user approximately 2 minutes to
enter their credentials. If the user did not enter their credentials in that 2 minute
window, the tunnel would be terminated. With this new feature enabled, users now
have more time to enter credentials before the tunnel drops. The total amount of time
is the difference between the new Phase 1 SA being established, when the rekey
actually takes place, and the old Phase 1 SA expiring. With default Phase 1 rekey
times set, the difference is roughly 3 hours, or about 15% of the rekey interval.
In ASDM, see Configuration > Device Management > Certificate Management
> Identity Certificates.
> Identity Certificates.
Extended Time for
User
Reauthentication on
IKE Rekey
User
Reauthentication on
IKE Rekey
Cisco ASA New Features by Release
183
Cisco ASA New Features
New Features in Version 8.1