Cisco Cisco ASA 5515-X Adaptive Security Appliance Notas de publicación
2
Release Notes for the Cisco ASA Device Package Software, Version 1.2(4) for ACI
New Features in 1.2(4)
New Features in 1.2(4)
We have added support for the following new commands:
•
same-security-traffic permit intra-interface
•
arp timeout
•
dns retries
•
dns timeout
Important Notes
Pay attention to the following important notes:
•
The ASAv does not support multiple context mode.
•
ACE with dynamic EPG requires ASA image 9.3.2 or later.
APIC 1.2(x) and ASA 9.3(1)
If you are running APIC 1.2(x) with ASA 9.3(1), which has a default SSL configuration, you will see
the following error:
the following error:
*Major script error : Connection error : [SSL:SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert
handshake failure(_ssl.c:581)*
The work around is to have ssl encryption aes128-sha1 configured on the ASA, or to upgrade the ASA
to version 9.3(2) or later.
to version 9.3(2) or later.
The Policy Manager Lock Ups when an Incomplete BGP XML is
Sent
Sent
Symptom
The Policy Manager crashes when the l3Out that is used for BGP peering for the service
appliance has an incomplete configuration (CSCuw03425).
Conditions
The l3Out used for BGP peering for the service appliance is missing l3extRsNodeL3OutAtt.
Workaround
Make sure that the l3Out contains l3extRsNodeL3OutAtt. This problem will be fixed in a
subsequent release.
The following shows the BGP XML example with l3extRsNodeL3OutAtt:
<polUni>
<fvTenant name="tenant1">
<l3extOut name="StaticExternal">
<l3extLNodeP name="bLeaf-101">
<l3extRsNodeL3OutAtt tDn="topology/pod-1/node-101" rtrId="190.0.0.11">
<ipRouteP ip="50.50.50.0/24">
<ipNexthopP nhAddr="40.40.40.102/32"/>