Cisco ASA 5555-X Adaptive Security Appliance Release Notes
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
Remote Access Features
Portal Access Rules
This enhancement allows customers to configure a global clientless SSL VPN access policy to
permit or deny clientless SSL VPN sessions based on the data present in the HTTP header. If
denied, an error code is returned to the clients. This denial is performed before user
authentication and thus minimizes the use of processing resources.
We modified the following screen: Configuration > Remote Access VPN > Clientless SSL
VPN Access > Portal > Portal Access Rules.
Also available in Version 8.2(5).
Clientless support for Microsoft Outlook Web App 2010
The ASA 8.4(2) clientless SSL VPN core rewriter now supports Microsoft Outlook Web App
2010.
Secure Hash Algorithm SHA-2 Support for IPsec IKEv2 Integrity and PRF
This release supports the Secure Hash Algorithm SHA-2 for increased cryptographic hashing
security for IPsec/IKEv2 AnyConnect Secure Mobility Client connections to the ASA. SHA-2
includes hash functions with digests of 256, 384, or 512 bits, to meet U.S. government
requirements.
We modified the following screen: Configuration > Remote Access VPN > Network (Client)
Access > Advanced > IPsec > IKE Policies > Add/Edit IKEv2 Policy (Proposal).
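A check for whether IKEv2 policies still offer a non-SHA-2 integrity or PRF algorithm, written as an added example that is not part of the Cisco release notes. It assumes the policies are exported in ASA CLI form (`crypto ikev2 policy` blocks with `integrity` and `prf` lines), which this page does not show; the sample configuration is constructed for the example.

```python
import re

SHA2 = {"sha256", "sha384", "sha512"}  # digest sizes named in the release note

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256 sha
 group 5
 prf sha256
crypto ikev2 policy 10
 encryption aes-256
 integrity sha384
 group 5
 prf sha384
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 2
"""

def parse_ikev2_policies(config):
    """Return {priority: {"integrity": [...], "prf": [...]}} for each policy block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ikev2 policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {"integrity": [], "prf": []})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words and words[0] in current:
                current[words[0]].extend(words[1:])  # a line may list several algorithms
        else:
            current = None  # an unindented line ends the policy block
    return policies

def audit_ikev2_policies(config):
    """List (priority, field, offending values) for every non-SHA-2 offer."""
    findings = []
    for prio, pol in sorted(parse_ikev2_policies(config).items()):
        for field in ("integrity", "prf"):
            weak = [alg for alg in pol[field] if alg not in SHA2]
            if weak:
                findings.append((prio, field, weak))
            elif not pol[field]:
                # Assumption: a missing line means the value is not visible here; review it.
                findings.append((prio, field, ["<not set>"]))
    return findings
```

A policy that lists `sha` next to `sha256` is reported because the weaker algorithm can still be negotiated when both are offered.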
Secure Hash Algorithm SHA-2 Support for Digital Signature over IPsec IKEv2
This release supports the use of SHA-2 compliant signature algorithms to authenticate IPsec
IKEv2 VPN connections that use digital certificates, with the hash sizes SHA-256, SHA-384,
and SHA-512.
SHA-2 digital signature for IPsec IKEv2 connections is supported with the AnyConnect Secure
Mobility Client, Version 3.0.1 or later.
Split Tunnel DNS policy for AnyConnect
This release includes a new policy pushed down to the AnyConnect Secure Mobility Client for
resolving DNS addresses over split tunnels. This policy applies to VPN connections using the
SSL or IPsec/IKEv2 protocol and instructs the AnyConnect client to resolve all DNS addresses
through the VPN tunnel. If DNS resolution fails, the address remains unresolved and the
AnyConnect client does not try to resolve the address through public DNS servers.
By default, this feature is disabled. The client sends DNS queries over the tunnel according to
the split tunnel policy: tunnel all networks, tunnel networks specified in a network list, or
exclude networks specified in a network list.
We modified the following screen: Configuration > Remote Access VPN > Network (Client)
Access > Group Policies > Add/Edit Group Policy > Advanced > Split Tunneling (see the Send
All DNS Lookups Through Tunnel check box).
Also available in Version 8.2(5).
Table 9
New Features for ASA Version 8.4(2)/ASDM Version 6.4(5) (continued)
Feature
Description