Cisco Cisco ASA 5555-X Adaptive Security Appliance 發佈版本通知
16
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
Table 8
New Features for ASA Interim Version 8.4(2.8)/ASDM Version 6.4(5.106)
Feature
Description
Remote Access Features
Clientless SSL VPN browser
support
support
The ASA now supports clientless SSL VPN with Microsoft Internet Explorer 9 and Firefox 4.
Also available in Version 8.2(5.13) and 8.3.2(25).
Compression for DTLS and
TLS
TLS
To improve throughput, Cisco now supports compression for DTLS and TLS on AnyConnect
3.0 or later. Each tunneling method configures compression separately, and the preferred
configuration is to have both SSL and DTLS compression as LZS. This feature enhances
migration from legacy VPN clients.
3.0 or later. Each tunneling method configures compression separately, and the preferred
configuration is to have both SSL and DTLS compression as LZS. This feature enhances
migration from legacy VPN clients.
Note
Using data compression on high speed remote access connections passing highly
compressible data requires significant processing power on the ASA. With other
activity and traffic on the ASA, the number of sessions that can be supported on the
platform is reduced.
compressible data requires significant processing power on the ASA. With other
activity and traffic on the ASA, the number of sessions that can be supported on the
platform is reduced.
We modified the following screen: Configuration > Remote Access VPN > Clientless SSL
VPN Access > Group Policies > Edit > Edit Internal Group Policy > Advanced > AnyConnect
Client > SSL Compression.
VPN Access > Group Policies > Edit > Edit Internal Group Policy > Advanced > AnyConnect
Client > SSL Compression.
Also available in Version 8.2(5.13) and 8.3.2(25).
Clientless SSL VPN Session
Timeout Alerts
Timeout Alerts
Allows you to create custom messages to alert users that their VPN session is about to end
because of inactivity or a session timeout.
because of inactivity or a session timeout.
We introduced the following screens:
Remote Access VPN > Configuration > Clientless SSL VPN Access > Portal > Customizations
> Add/Edit > Timeout Alerts
Remote Access VPN > Configuration > Clientless SSL VPN Access > Group Policies >
Add/Edit General
> Add/Edit > Timeout Alerts
Remote Access VPN > Configuration > Clientless SSL VPN Access > Group Policies >
Add/Edit General
AAA Features
Increased maximum LDAP
values per attribute
values per attribute
The maximum number of values that the ASA can receive for a single attribute was increased
from 1000 (the default) to 5000, with an allowed range of 500 to 5000. If a response message
is received that exceeds the configured limit, the ASA rejects the authentication. If the ASA
detects that a single attribute has more than 1000 values, then the ASA generates informational
syslog 109036. For more than 5000 attributes, the ASA generates error level syslog 109037.
from 1000 (the default) to 5000, with an allowed range of 500 to 5000. If a response message
is received that exceeds the configured limit, the ASA rejects the authentication. If the ASA
detects that a single attribute has more than 1000 values, then the ASA generates informational
syslog 109036. For more than 5000 attributes, the ASA generates error level syslog 109037.
We introduced the following command: ldap-max-value-range number (Enter this command
in aaa-server host configuration mode).
in aaa-server host configuration mode).
ASDM does not support this command; enter the command using the Command Line Tool.
Support for sub-range of
LDAP search results
LDAP search results
When an LDAP search results in an attribute with a large number of values, depending on the
server configuration, it might return a sub-range of the values and expect the ASA to initiate
additional queries for the remaining value ranges. The ASA now makes multiple queries for
the remaining ranges, and combines the responses into a complete array of attribute values.
server configuration, it might return a sub-range of the values and expect the ASA to initiate
additional queries for the remaining value ranges. The ASA now makes multiple queries for
the remaining ranges, and combines the responses into a complete array of attribute values.