Cisco Cisco ASA 5555-X Adaptive Security Appliance 發佈版本通知
11
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
Automatic NAT rules to
translate a VPN peer’s local
IP address back to the peer’s
real IP address
translate a VPN peer’s local
IP address back to the peer’s
real IP address
In rare situations, you might want to use a VPN peer’s real IP address on the inside network
instead of an assigned local IP address. Normally with VPN, the peer is given an assigned local
IP address to access the inside network. However, you might want to translate the local IP
address back to the peer’s real public IP address if, for example, your inside servers and
network security is based on the peer’s real IP address.
instead of an assigned local IP address. Normally with VPN, the peer is given an assigned local
IP address to access the inside network. However, you might want to translate the local IP
address back to the peer’s real public IP address if, for example, your inside servers and
network security is based on the peer’s real IP address.
You can enable this feature on one interface per tunnel group. Object NAT rules are
dynamically added and deleted when the VPN session is established or disconnected. You can
view the rules using the show nat command.
dynamically added and deleted when the VPN session is established or disconnected. You can
view the rules using the show nat command.
Note
Because of routing issues, we do not recommend using this feature unless you know
you need this feature; contact Cisco TAC to confirm feature compatibility with your
network. See the following limitations:
you need this feature; contact Cisco TAC to confirm feature compatibility with your
network. See the following limitations:
•
Only supports Cisco IPsec and AnyConnect Client.
•
Return traffic to the public IP addresses must be routed back to the ASA so the NAT
policy and VPN policy can be applied.
policy and VPN policy can be applied.
•
Does not support load-balancing (because of routing issues).
•
Does not support roaming (public IP changing).
ASDM does not support this command; enter the command using the Command Line Tool.
Remote Access Features
Clientless SSL VPN browser
support
support
The ASA now supports clientless SSL VPN with Microsoft Internet Explorer 9 and Firefox 4.
Compression for DTLS and
TLS
TLS
To improve throughput, Cisco now supports compression for DTLS and TLS on AnyConnect
3.0 or later. Each tunneling method configures compression separately, and the preferred
configuration is to have both SSL and DTLS compression as LZS. This feature enhances
migration from legacy VPN clients.
3.0 or later. Each tunneling method configures compression separately, and the preferred
configuration is to have both SSL and DTLS compression as LZS. This feature enhances
migration from legacy VPN clients.
Note
Using data compression on high speed remote access connections passing highly
compressible data requires significant processing power on the ASA. With other
activity and traffic on the ASA, the number of sessions that can be supported on the
platform is reduced.
compressible data requires significant processing power on the ASA. With other
activity and traffic on the ASA, the number of sessions that can be supported on the
platform is reduced.
We modified the following screen: Configuration > Remote Access VPN > Clientless SSL
VPN Access > Group Policies > Edit > Edit Internal Group Policy > Advanced > AnyConnect
Client > SSL Compression.
VPN Access > Group Policies > Edit > Edit Internal Group Policy > Advanced > AnyConnect
Client > SSL Compression.
Clientless SSL VPN Session
Timeout Alerts
Timeout Alerts
Allows you to create custom messages to alert users that their VPN session is about to end
because of inactivity or a session timeout.
because of inactivity or a session timeout.
We introduced the following screens:
Remote Access VPN > Configuration > Clientless SSL VPN Access > Portal > Customizations
> Add/Edit > Timeout Alerts
Remote Access VPN > Configuration > Clientless SSL VPN Access > Group Policies >
Add/Edit General
> Add/Edit > Timeout Alerts
Remote Access VPN > Configuration > Clientless SSL VPN Access > Group Policies >
Add/Edit General
AAA Features
Table 5
New Features for ASA Version 8.4(3)/ASDM Version 6.4(7) (continued)
Feature
Description