Cisco ASA 5555-X Adaptive Security Appliance Release Notes
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
Table 5 lists the new features for ASA Version 8.4(3)/ASDM Version 6.4(7).
Table 5  New Features for ASA Version 8.4(3)/ASDM Version 6.4(7)
Feature
Description
NAT Features
Round robin PAT pool allocation uses the same IP address for existing hosts
When using a PAT pool with round robin allocation, if a host has an existing connection, then
subsequent connections from that host will use the same PAT IP address if ports are available.
We did not modify any screens.
This feature is not available in 8.5(1).
Flat range of PAT ports for a PAT pool
If available, the real source port number is used for the mapped port. However, if the real port
is not available, by default the mapped ports are chosen from the same range of ports as the real
port number: 0 to 511, 512 to 1023, and 1024 to 65535. Therefore, ports below 1024 have only
a small PAT pool.
If you have a lot of traffic that uses the lower port ranges, when using a PAT pool, you can now
specify a flat range of ports to be used instead of the three unequal-sized tiers: either 1024 to
65535, or 1 to 65535.
We modified the following screens:
Configuration > Firewall > NAT Rules > Add/Edit Network Object
Configuration > Firewall > NAT Rules > Add/Edit NAT Rule
This feature is not available in 8.5(1).
Extended PAT for a PAT pool
Each PAT IP address allows up to 65535 ports. If 65535 ports do not provide enough
translations, you can now enable extended PAT for a PAT pool. Extended PAT uses 65535 ports
per service, as opposed to per IP address, by including the destination address and port in the
translation information.
We modified the following screens:
Configuration > Firewall > NAT Rules > Add/Edit Network Object
Configuration > Firewall > NAT Rules > Add/Edit NAT Rule
This feature is not available in 8.5(1).
Configurable timeout for PAT xlate
When a PAT xlate times out (by default after 30 seconds), and the ASA reuses the port for a
new translation, some upstream routers might reject the new connection because the previous
connection might still be open on the upstream device. The PAT xlate timeout is now
configurable, to a value between 30 seconds and 5 minutes.
We modified the following screen: Configuration > Firewall > Advanced > Global Timeouts.
This feature is not available in 8.5(1).
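
The following Python model is an added example, not part of the Cisco release notes and not Cisco's implementation. It illustrates the flat-range and extended PAT rows above using the port ranges the table gives. The names PatAddress and successful_translations, the rule that the real port is preferred only when it lies inside the configured range, and the destination addresses are assumptions constructed for illustration.

```python
from itertools import chain

# Default tiers and flat ranges as given in the table above.
TIERS = [(0, 511), (512, 1023), (1024, 65535)]
FLAT = (1024, 65535)
FLAT_WITH_RESERVE = (1, 65535)


class PatAddress:
    """Simplified model of one PAT pool IP address (not Cisco's implementation)."""

    def __init__(self, port_range=None, extended=False):
        self.port_range = port_range  # None selects the default three-tier behaviour
        self.extended = extended      # True keys translations by destination as well
        self.in_use = set()           # {(service, mapped_port)}

    def _candidate_range(self, real_port):
        if self.port_range is not None:
            return self.port_range
        # Default: stay in the same tier as the real source port.
        return next((lo, hi) for lo, hi in TIERS if lo <= real_port <= hi)

    def allocate(self, real_port, dest):
        """Return the mapped port for a new connection, or None when exhausted."""
        if not 0 <= real_port <= 65535:
            raise ValueError("real_port out of range")
        service = dest if self.extended else None
        lo, hi = self._candidate_range(real_port)
        # Assumption: the real port is tried first only if it lies in the range.
        preferred = [real_port] if lo <= real_port <= hi else []
        for port in chain(preferred, range(lo, hi + 1)):
            if (service, port) not in self.in_use:
                self.in_use.add((service, port))
                return port
        return None


def successful_translations(pat, real_port, dest, attempts):
    """Count how many of `attempts` new connections obtain a mapped port."""
    return sum(pat.allocate(real_port, dest) is not None for _ in range(attempts))


if __name__ == "__main__":
    ntp = ("203.0.113.10", 123)  # constructed destination (documentation address)
    print("tiered:", successful_translations(PatAddress(), 123, ntp, 600))
    print("flat 1-65535:", successful_translations(PatAddress(FLAT_WITH_RESERVE), 123, ntp, 600))
```

In this model, 600 connections that all use real source port 123 exhaust the 0 to 511 tier after 512 translations on one PAT address, while the flat 1 to 65535 range translates all of them.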