Cisco Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption
3
Release Notes for the Cisco ASA 5500 Series, Version 8.4(x)
Limitations and Restrictions
tunnel groups, whereas in ASDM they are referred to as Connection Profiles. A VPN policy is an
aggregation of Connection Profile, Group Policy, and Dynamic Access Policy authorization
attributes.
aggregation of Connection Profile, Group Policy, and Dynamic Access Policy authorization
attributes.
•
Cosmetic startup message issue on the ASA 5585-X—Cisco manufacturing recently discovered a
process error that resulted in loading a test build of BIOS firmware on many early shipments of the
ASA 5585-X. On the affected units, more text than usual displays on the console during startup
before reaching the “rommon>” prompt. Included in the extra output is the following message
banner:
process error that resulted in loading a test build of BIOS firmware on many early shipments of the
ASA 5585-X. On the affected units, more text than usual displays on the console during startup
before reaching the “rommon>” prompt. Included in the extra output is the following message
banner:
CISCO SYSTEMS Spyker Build, TEST build not for Customer Release
Embedded BIOS Version 2.0(7)2 19:59:57 01/04/11
While you may see this additional text, there is no functional impact to the ASA operation; you can
ignore the additional text. The test build provides additional information that can be used by
engineers to pinpoint hardware problems during the manufacturing process. Unfortunately, there is
no field-upgradeable resolution to eliminate this message that does not require replacing the
hardware.
ignore the additional text. The test build provides additional information that can be used by
engineers to pinpoint hardware problems during the manufacturing process. Unfortunately, there is
no field-upgradeable resolution to eliminate this message that does not require replacing the
hardware.
Hardware with a serial number that falls within the following ranges could be impacted by this
cosmetic issue. Note that not all serial numbers within these ranges are impacted.
cosmetic issue. Note that not all serial numbers within these ranges are impacted.
–
JMX1449xxxx – JMX1520xxxx
–
JAF1450xxxx – JAF1516xxxx (for ASA-SSP-20-K8= only)
Hardware with the following Product IDs for the preceding serial numbers could be impacted by this
cosmetic issue:
cosmetic issue:
–
ASA5585-S20-K8
–
ASA5585-S20-K9
–
ASA5585-S20P20-K8
–
ASA5585-S20P20-K9
–
ASA5585-S20P20XK9
–
ASA5585-S20X-K9
–
ASA-SSP-20-K8=
Limitations and Restrictions
•
No SNMP Traps during insertion/removal of power supply (CSCul90037)—The power supplies in
the ASA 5585-X are hot swappable field replaceable units. In the event of a power supply failure,
an SNMP trap is sent from the ASA to the configured trap receiver. However, when you restore
power, the ASA does not send an additional SNMP trap.
the ASA 5585-X are hot swappable field replaceable units. In the event of a power supply failure,
an SNMP trap is sent from the ASA to the configured trap receiver. However, when you restore
power, the ASA does not send an additional SNMP trap.
Workaround: When using Cisco Prime Network to monitor ASA 5585s, the network operator must
manually clear a power supply fault condition within the EMS.
manually clear a power supply fault condition within the EMS.
•
Currently in 8.4(2) and later, the PAT pool feature is not available as a fallback method for dynamic
NAT or PAT. You can only configure the PAT pool as the primary method for dynamic PAT. For
example, if you enter the following twice NAT command that configures a PAT pool (object2) for
fallback when the addresses in object1 are used up, you see the following error message:
NAT or PAT. You can only configure the PAT pool as the primary method for dynamic PAT. For
example, if you enter the following twice NAT command that configures a PAT pool (object2) for
fallback when the addresses in object1 are used up, you see the following error message:
hostname(config)# nat (inside,outside) source dynamic any object1 pat-pool object2
interface round-robin
ERROR: Same mapped parameter cannot be used to do both NAT and PAT.
ERROR: NAT pool allocation failed.