Cisco ASA 5555-X Adaptive Security Appliance Release Notes
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
Support for administrator password policy when using the local database
When you configure authentication for CLI or ASDM access using the local database, you can configure a password policy that requires a user to change their password after a specified amount of time and also requires password standards such as a minimum length and the minimum number of changed characters.
We introduced the following screen: Configuration > Device Management > Users/AAA > Password Policy
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Support for SSH public key authentication
You can now enable public key authentication for SSH connections to the ASA on a per-user basis using a Base64 key up to 2048 bits.
We introduced the following screen: Configuration > Device Management > Users/AAA > User Accounts > Edit User Account > Public Key Authentication
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Support for Diffie-Hellman Group 14 for the SSH Key Exchange
Support for Diffie-Hellman Group 14 for SSH Key Exchange was added. Formerly, only Group 1 was supported.
We modified the following screen: Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH.
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Support for a maximum number of management sessions
You can set the maximum number of simultaneous ASDM, SSH, and Telnet sessions.
We introduced the following screen: Configuration > Device Management > Management Access > Management Session Quota.
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Additional ephemeral Diffie-Hellman ciphers for SSL encryption
The ASA now supports the following ephemeral Diffie-Hellman (DHE) SSL cipher suites:
• DHE-AES128-SHA1
• DHE-AES256-SHA1
These cipher suites are specified in RFC 3268, Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS).
When supported by the client, DHE is the preferred cipher because it provides Perfect Forward Secrecy. See the following limitations:
• DHE is not supported on SSL 3.0 connections, so make sure to also enable TLS 1.0 for the SSL server.
• Some popular applications do not support DHE, so include at least one other SSL encryption method to ensure that a cipher suite common to both the SSL client and server can be used.
• Some clients may not support DHE, including AnyConnect 2.5 and 3.0, Cisco Secure Desktop, and Internet Explorer 9.0.
We modified the following screen: Configuration > Device Management > Advanced > SSL Settings.
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Image verification
Support for SHA-512 image integrity checking was added.
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), 9.0(2), or 9.1(1).
Table 4 New Features for ASA Version 8.4(4.1)/ASDM Version 6.4(9) (continued)
Feature
Description
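For the SSH public key authentication entry above, the following added example (not Cisco code, and not part of the original release notes) checks a Base64 key against the stated 2048-bit limit before it is pasted into the Public Key Authentication field. It assumes the key is an RSA key in the standard "ssh-rsa" wire format; the function names and the sample blobs are constructed for illustration.

```python
import base64
import struct

MAX_BITS = 2048  # size limit stated in the release note


def _read_field(blob, offset):
    """Read one SSH wire-format field: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field data")
    return blob[offset + 4:end], end


def rsa_key_bits(b64_key):
    """Return the modulus size in bits of a Base64 'ssh-rsa' public key blob."""
    # Whitespace is stripped so wrapped or pasted keys still decode.
    blob = base64.b64decode("".join(b64_key.split()), validate=True)
    key_type, pos = _read_field(blob, 0)
    if key_type != b"ssh-rsa":  # assumption: only RSA keys are checked here
        raise ValueError("not an ssh-rsa key")
    _exponent, pos = _read_field(blob, pos)
    modulus, pos = _read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(modulus, "big").bit_length()


def acceptable(b64_key, max_bits=MAX_BITS):
    """True if the key parses as RSA and its modulus is within the limit."""
    try:
        return 0 < rsa_key_bits(b64_key) <= max_bits
    except ValueError:  # also covers malformed Base64 (binascii.Error)
        return False


def make_blob(bits, key_type=b"ssh-rsa"):
    """Constructed sample: valid wire format, but NOT a usable key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1                   # placeholder modulus
    n_bytes = n.to_bytes(bits // 8 + 1, "big")  # leading 0x00, as in mpint
    e_bytes = (65537).to_bytes(3, "big")
    return base64.b64encode(field(key_type) + field(e_bytes) + field(n_bytes)).decode()


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, acceptable(make_blob(bits)))
```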