Cisco Cisco ASA 5525-X Adaptive Security Appliance Instrucciones De Seguridad Importantes
Q&A
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 6
Q.
What reports are available with the Botnet Traffic Filter?
A.
The Botnet Traffic Filter offers a top infected hosts report, a top botnet domains (or “sites”)
report, and a top botnet ports report.
Q.
Is there a license to enable the Botnet Traffic Filter?
A.
Yes, an annual license is required to enable this feature.
Q.
What versions of Simple Network Management Protocol (SNMP) does Cisco ASA
Software Release 8.2 support?
A.
Cisco ASA Software Release 8.2 supports SNMPv2c and SNMPv3. With SNMPv3, customers
can configure secure telemetry with supported SNMP managers and gateways.
Q.
Can SNMPv3 be used with the Cisco ASA 5500 Series and with the Cisco Security
Monitoring, Analysis, and Response System (Cisco Security MARS)?
A.
In order to use SNMPv3 between a Cisco ASA appliance and Cisco Security MARS, a third-
party SNMPv3-to-SNMPv2 gateway must be used.
Q.
What are the details of SNMPv3 implementation on Cisco ASA Software Release 8.2?
A.
The SNMPv3 implementation for Cisco ASA Software Release 8.2 supports the user-based
security model described in
RFC 3414
and the view-based access control model described in
RFC 3415
.
Q.
Does Cisco ASA Software Release 8.2 support Cisco Net Flow?
A.
Cisco ASA Software Release 8.2 supports the NetFlow Secure Event Logging feature, which
uses NetFlow v9 templates. This feature is particularly useful in performing connection logging
in high-performance environments.
Q.
What does the Cisco ASA Unified Communications Proxy feature for Cisco ASA 5580
provide?
A.
The Cisco ASA Unified Communications Proxy feature for the Cisco ASA 5580 extends the
popular Unified Communications Proxy features (Phone Proxy, Mobility Proxy, Presence
Federation Proxy, and TLS Proxy) to the Cisco ASA 5580. This increases the maximum
capacity of the Unified Communications Proxy solution to 10,000 sessions for TLS Proxy,
Mobility Proxy, and Presence Federation Proxy, and to 5000 sessions for Phone Proxy.
Q.
What new multicast support is provided in Cisco ASA Software Release 8.2?
A.
Currently, Cisco ASA Software supports source address Network Address Translation (NAT)
on unicast and multicast traffic. However, under certain scenarios, it is necessary to separate
internal multicast data streams from external multicast data streams while they are using the
same group address. The multicast group NAT feature transfers group addresses of external
multicast traffic to other group addresses so that internal hosts can distinguish between the
internal and external multicast traffic by subscribing to different multicast groups.
Q.
When would it be useful to enable the new TCP state bypass feature in Cisco ASA
Software Release 8.2?
A.
The TCP state bypass feature allows certain traffic to bypass the TCP state machine. This is
particularly useful in asymmetric routing scenarios where two ASA appliances are in different
locations and are not Layer 2 adjacent.