Cisco Cisco ASA 5555-X Adaptive Security Appliance 發佈版本通知
12
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
New Features in ASDM 6.4(5.206)
Released: October 24, 2011
There are no new features in Version 6.4(5.206).
New Features in ASDM 6.4(5.205)
Released: October 18, 2011
Due to caveat CSCtt45397, “ASDM Launcher version 1.5(53) fails to connect to ASA,” this release has
been removed from Cisco.com. Please upgrade to Version 6.4(5.206) or later.
been removed from Cisco.com. Please upgrade to Version 6.4(5.206) or later.
There are no new features in Version 6.4(5.205).
New Features in ASDM 6.4(5.204)
Released: October 11, 2011
Increased maximum LDAP
values per attribute
values per attribute
The maximum number of values that the ASA can receive for a single attribute was increased
from 1000 (the default) to 5000, with an allowed range of 500 to 5000. If a response message
is received that exceeds the configured limit, the ASA rejects the authentication. If the ASA
detects that a single attribute has more than 1000 values, then the ASA generates informational
syslog 109036. For more than 5000 attributes, the ASA generates error level syslog 109037.
from 1000 (the default) to 5000, with an allowed range of 500 to 5000. If a response message
is received that exceeds the configured limit, the ASA rejects the authentication. If the ASA
detects that a single attribute has more than 1000 values, then the ASA generates informational
syslog 109036. For more than 5000 attributes, the ASA generates error level syslog 109037.
We introduced the following command: ldap-max-value-range number (Enter this command
in aaa-server host configuration mode).
in aaa-server host configuration mode).
ASDM does not support this command; enter the command using the Command Line Tool.
Support for sub-range of
LDAP search results
LDAP search results
When an LDAP search results in an attribute with a large number of values, depending on the
server configuration, it might return a sub-range of the values and expect the ASA to initiate
additional queries for the remaining value ranges. The ASA now makes multiple queries for
the remaining ranges, and combines the responses into a complete array of attribute values.
server configuration, it might return a sub-range of the values and expect the ASA to initiate
additional queries for the remaining value ranges. The ASA now makes multiple queries for
the remaining ranges, and combines the responses into a complete array of attribute values.
Key vendor-specific
attributes (VSAs) sent in
RADIUS access request and
accounting request packets
from the ASA
attributes (VSAs) sent in
RADIUS access request and
accounting request packets
from the ASA
Four New VSAs—Tunnel Group Name (146) and Client Type (150) are sent in RADIUS access
request packets from the ASA. Session Type (151) and Session Subtype (152) are sent in
RADIUS accounting request packets from the ASA. All four attributes are sent for all
accounting request packet types: Start, Interim-Update, and Stop. The RADIUS server (for
example, ACS and ISE) can then enforce authorization and policy attributes or use them for
accounting and billing purposes.
request packets from the ASA. Session Type (151) and Session Subtype (152) are sent in
RADIUS accounting request packets from the ASA. All four attributes are sent for all
accounting request packet types: Start, Interim-Update, and Stop. The RADIUS server (for
example, ACS and ISE) can then enforce authorization and policy attributes or use them for
accounting and billing purposes.
Troubleshooting Features
Regular expression
matching for the show asp
table classifier and show
asp table filter commands
matching for the show asp
table classifier and show
asp table filter commands
You can now enter the show asp table classifier and show asp table filter commands with a
regular expression to filter output.
regular expression to filter output.
We modified the following commands: show asp table classifier match regex, show asp table
filter match regex.
filter match regex.
ASDM does not support this command; enter the command using the Command Line Tool.
Table 5
New Features for ASA Version 8.4(3)/ASDM Version 6.4(7) (continued)
Feature
Description