Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module 發佈版本通知
4
Release Notes for Cisco ASDM, Version 7.3(x)
System Requirements
7 update 45 ASDM shows a yellow warning
about the missing Permissions
attribute when using an untrusted
certificate
attribute when using an untrusted
certificate
Due to a bug in Java, if you do not have a trusted certificate installed on
the ASA, you see a yellow warning about a missing Permissions attribute
in the JAR manifest. It is safe to ignore this warning; ASDM 7.2 and
later includes the Permissions attribute. To prevent the warning from
appearing, install a trusted certificate (from a known CA); or generate a
self-signed certificate on the ASA by choosing Configuration > Device
Management > Certificates > Identity Certificates. Launch ASDM,
and when the certificate warning is shown, check the Always trust
connections to websites check box.
the ASA, you see a yellow warning about a missing Permissions attribute
in the JAR manifest. It is safe to ignore this warning; ASDM 7.2 and
later includes the Permissions attribute. To prevent the warning from
appearing, install a trusted certificate (from a known CA); or generate a
self-signed certificate on the ASA by choosing Configuration > Device
Management > Certificates > Identity Certificates. Launch ASDM,
and when the certificate warning is shown, check the Always trust
connections to websites check box.
7
Requires strong encryption license
(3DES/AES) on ASA
(3DES/AES) on ASA
ASDM requires an SSL connection to the ASA. You can request a 3DES
license from Cisco:
license from Cisco:
1.
2.
Click Continue to Product License Registration.
3.
In the Licensing Portal, click Get Other Licenses next to the text
field.
field.
4.
Choose IPS, Crypto, Other... from the drop-down list.
5.
Type ASA in to the Search by Keyword field.
6.
Select Cisco ASA 3DES/AES License in the Product list, and click
Next.
Next.
7.
Enter the serial number of the ASA, and follow the prompts to request
a 3DES/AES license for the ASA.
a 3DES/AES license for the ASA.
All
•
Self-signed certificate or an
untrusted certificate
untrusted certificate
•
IPv6
•
Firefox and Safari
When the ASA uses a self-signed certificate or an untrusted certificate,
Firefox and Safari are unable to add security exceptions when browsing
using HTTPS over IPv6. See
Firefox and Safari are unable to add security exceptions when browsing
using HTTPS over IPv6. See
. This caveat
affects all SSL connections originating from Firefox or Safari to the ASA
(including ASDM connections). To avoid this caveat, configure a proper
certificate for the ASA that is issued by a trusted certificate authority.
(including ASDM connections). To avoid this caveat, configure a proper
certificate for the ASA that is issued by a trusted certificate authority.
•
SSL encryption on the ASA
must include both RC4-MD5
and RC4-SHA1 or disable SSL
false start in Chrome.
must include both RC4-MD5
and RC4-SHA1 or disable SSL
false start in Chrome.
•
Chrome
If you change the SSL encryption on the ASA to exclude both RC4-MD5
and RC4-SHA1 algorithms (these algorithms are enabled by default), then
Chrome cannot launch ASDM due to the Chrome “SSL false start”
feature. We suggest re-enabling one of these algorithms (see the
Configuration > Device Management > Advanced > SSL Settings
pane); or you can disable SSL false start in Chrome using the
--disable-ssl-false-start flag according to
and RC4-SHA1 algorithms (these algorithms are enabled by default), then
Chrome cannot launch ASDM due to the Chrome “SSL false start”
feature. We suggest re-enabling one of these algorithms (see the
Configuration > Device Management > Advanced > SSL Settings
pane); or you can disable SSL false start in Chrome using the
--disable-ssl-false-start flag according to
IE9 for servers
For Internet Explorer 9.0 for servers, the “Do not save encrypted pages to
disk” option is enabled by default (See Tools > Internet Options >
Advanced). This option causes the initial ASDM download to fail. Be sure
to disable this option to allow ASDM to download.
disk” option is enabled by default (See Tools > Internet Options >
Advanced). This option causes the initial ASDM download to fail. Be sure
to disable this option to allow ASDM to download.
OS X
On OS X, you may be prompted to install Java the first time you run
ASDM; follow the prompts as necessary. ASDM will launch after the
installation completes.
ASDM; follow the prompts as necessary. ASDM will launch after the
installation completes.
Table 2
Java Caveats for ASDM Compatibility (continued)
Java
Version
Version
Conditions
Notes