Cisco Cisco ASA 5555-X Adaptive Security Appliance 發佈版本通知
28
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
New Features in ASA 8.4(1)/ASDM 6.4(1)
Released: January 31, 2011
lists the new features for ASA Version 8.4(1)/ASDM Version 6.4(1).
Table 11
New Features for ASA Version 8.4(1.11)/ASDM Version 6.4(2)
Feature
Description
Firewall Features
PAT pool and round robin
address assignment
address assignment
You can now specify a pool of PAT addresses instead of a single address. You can also
optionally enable round-robin assignment of PAT addresses instead of first using all ports on a
PAT address before using the next address in the pool. These features help prevent a large
number of connections from a single PAT address from appearing to be part of a DoS attack
and makes configuration of large numbers of PAT addresses easy.
optionally enable round-robin assignment of PAT addresses instead of first using all ports on a
PAT address before using the next address in the pool. These features help prevent a large
number of connections from a single PAT address from appearing to be part of a DoS attack
and makes configuration of large numbers of PAT addresses easy.
Note
Currently in 8.4(1.11), the PAT pool feature is not available as a fallback method for
dynamic NAT or PAT. You can only configure the PAT pool as the primary method for
dynamic PAT (CSCtq20634).
dynamic NAT or PAT. You can only configure the PAT pool as the primary method for
dynamic PAT (CSCtq20634).
We modified the following screens:
Configuration > Firewall > NAT Rules > Add/Edit Network Object
Configuration > Firewall > NAT Rules > Add/Edit NAT Rule
Configuration > Firewall > NAT Rules > Add/Edit NAT Rule
Table 12
New Features for ASA Version 8.4(1)/ASDM Version 6.4(1)
Feature
Description
Hardware Features
Support for the ASA 5585-X We introduced support for the ASA 5585-X with Security Services Processor (SSP)-10, -20,
-40, and -60.
Note
Support was previously added in 8.2(3) and 8.2(4); the ASA 5585-X is not supported
in 8.3(x).
in 8.3(x).
No Payload Encryption
hardware for export
hardware for export
You can purchase the ASA 5585-X with No Payload Encryption. For export to some countries,
payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses
a No Payload Encryption model, and disables the following features:
payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses
a No Payload Encryption model, and disables the following features:
•
Unified Communications
•
VPN
You can still install the Strong Encryption (3DES/AES) license for use with management
connections. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You
can also download the dynamic database for the Botnet Traffic Filer (which uses SSL).
connections. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You
can also download the dynamic database for the Botnet Traffic Filer (which uses SSL).
Remote Access Features
L2TP/IPsec Support on
Android Platforms
Android Platforms
We now support VPN connections between Android mobile devices and ASA 5500 series
devices, when using the L2TP/IPsec protocol and the native Android VPN client. Mobile
devices must be using the Android 2.1, or later, operating system.
devices, when using the L2TP/IPsec protocol and the native Android VPN client. Mobile
devices must be using the Android 2.1, or later, operating system.
Also available in Version 8.2(5).