Cisco ASA 5555-X Adaptive Security Appliance Release Notes
Release Notes for the Cisco ASA 5500 Series, Version 8.3(x)
OL-18971-01
New Features
IPv6 support for IKEv1 LAN-to-LAN VPN connections
For LAN-to-LAN connections using mixed IPv4 and IPv6 addressing, or all IPv6 addressing,
the adaptive security appliance supports VPN tunnels if both peers are Cisco ASA 5500 series
adaptive security appliances, and if both inside networks have matching addressing schemes
(both IPv4 or both IPv6).
Specifically, the following topologies are supported when both peers are Cisco ASA 5500
series adaptive security appliances:
• The adaptive security appliances have IPv4 inside networks and the outside network is
IPv6 (IPv4 addresses on the inside interfaces and IPv6 addresses on the outside interfaces).
• The adaptive security appliances have IPv6 inside networks and the outside network is
IPv4 (IPv6 addresses on the inside interfaces and IPv4 addresses on the outside interfaces).
• The adaptive security appliances have IPv6 inside networks and the outside network is
IPv6 (IPv6 addresses on the inside and outside interfaces).
Note: The defect CSCtd38078 currently prevents the Cisco ASA 5500 series from connecting
to a Cisco IOS device as the peer device of a LAN-to-LAN connection.
The following commands were modified or introduced: isakmp enable, crypto map, crypto
dynamic-map, tunnel-group, ipv6-vpn-filter, vpn-sessiondb, show crypto isakmp sa, show
crypto ipsec sa, show crypto debug-condition, show debug crypto, show vpn-sessiondb,
debug crypto condition, debug menu ike.
Firewall Features
Interface-Independent Access Policies
You can now configure access rules that are applied globally, as well as access rules that are
applied to an interface. If the configuration specifies both a global access policy and
interface-specific access policies, the interface-specific policies are evaluated before the global
policy.
The following command was modified: access-group global.
Network and Service Objects
You can now create named network objects that you can use in place of a host, a subnet, or a
range of IP addresses in your configuration and named service objects that you can use in place
of a protocol and port in your configuration. You can then change the object definition in one
place, without having to change any other part of your configuration. This release introduces
support for network and service objects in the following features:
• NAT
• Access lists
• Network object groups
The following commands were introduced or modified: object network, object service, show
running-config object, clear configure object, access-list extended, object-group network.
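The evaluation order described under Interface-Independent Access Policies, together with the single-point object change described under Network and Service Objects, modelled as an added Python example (not Cisco code and not ASA configuration syntax). The object names, addresses and rules are constructed, and first-match evaluation with a closing implicit deny is an assumption of this model that the release note does not state.

```python
import ipaddress

# Constructed named network objects (RFC 5737 documentation addresses).
OBJECTS = {
    "WEB-SRV": ipaddress.ip_network("192.0.2.10/32"),
    "DMZ-NET": ipaddress.ip_network("192.0.2.0/24"),
}

# Rule = (action, destination object or "any", TCP port or None for any port).
INTERFACE_ACLS = {
    "outside": [("permit", "WEB-SRV", 443)],
    "inside": [],  # no interface-specific policy on this interface
}
GLOBAL_ACL = [
    ("deny", "DMZ-NET", 443),
    ("permit", "DMZ-NET", 25),
]


def _matches(rule, dst_ip, port, objects):
    """True if the packet's destination and port fall inside the rule."""
    _, obj, rule_port = rule
    in_net = obj == "any" or ipaddress.ip_address(dst_ip) in objects[obj]
    return in_net and rule_port in (None, port)


def evaluate(ingress_if, dst_ip, port, objects=OBJECTS):
    """Return (action, policy that decided) for one packet.

    The interface ACL is walked before the global ACL. First match wins
    and an implicit deny closes the chain (assumptions of this model).
    """
    chain = [
        ("interface:" + ingress_if, INTERFACE_ACLS.get(ingress_if, [])),
        ("global", GLOBAL_ACL),
    ]
    for label, acl in chain:
        for rule in acl:
            if _matches(rule, dst_ip, port, objects):
                return rule[0], label
    return "deny", "implicit"
```

The case worth checking in a rule review is the first one in the model: a global deny does not override a permit on an interface, because the interface-specific policy is evaluated first.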
Table 7: New Features for ASA Version 8.3(1) (continued)
Feature / Description