Cisco Cisco ASA 5555-X Adaptive Security Appliance 發佈版本通知
13
Release Notes for the Cisco ASA 5500 Series, Version 8.3(x)
OL-18971-01
New Features
Object-group Expansion
Rule Reduction
Rule Reduction
Significantly reduces the network object-group expansion while maintaining a satisfactory
level of packet classification performance.
level of packet classification performance.
The following commands were modified: show object-group, clear object-group, show
access-list.
access-list.
NAT Simplification
The NAT configuration was completely redesigned to allow greater flexibility and ease of use.
You can now configure NAT using auto NAT, where you configure NAT as part of the attributes
of a network object, and manual NAT, where you can configure more advanced NAT options.
You can now configure NAT using auto NAT, where you configure NAT as part of the attributes
of a network object, and manual NAT, where you can configure more advanced NAT options.
The following commands were introduced or modified: nat (in global and object network
configuration mode), show nat, show nat pool, show xlate, show running-config nat.
configuration mode), show nat, show nat pool, show xlate, show running-config nat.
The following commands were removed: global, static, nat-control, alias.
Use of Real IP addresses in
access lists instead of
translated addresses
access lists instead of
translated addresses
When using NAT, mapped addresses are no longer required in an access list for many features.
You should always use the real, untranslated addresses when configuring these features. Using
the real address means that if the NAT configuration changes, you do not need to change the
access lists.
You should always use the real, untranslated addresses when configuring these features. Using
the real address means that if the NAT configuration changes, you do not need to change the
access lists.
The following commands and features that use access lists now use real IP addresses. These
features are automatically migrated to use real IP addresses when you upgrade to 8.3, unless
otherwise noted.
features are automatically migrated to use real IP addresses when you upgrade to 8.3, unless
otherwise noted.
•
access-group command
•
Modular Policy Framework match access-list command
•
Botnet Traffic Filter dynamic-filter enable classify-list command
•
AAA aaa ... match commands
•
WCCP wccp redirect-list group-list command
Note
WCCP is not automatically migrated when you upgrade to 8.3.
Threat Detection
Enhancements
Enhancements
You can now customize the number of rate intervals for which advanced statistics are collected.
The default number of rates was changed from 3 to 1. For basic statistics, advanced statistics,
and scanning threat detection, the memory usage was improved.
The default number of rates was changed from 3 to 1. For basic statistics, advanced statistics,
and scanning threat detection, the memory usage was improved.
The following commands were modified: threat-detection statistics port number-of-rates,
threat-detection statistics protocol number-of-rates, show threat-detection memory.
threat-detection statistics protocol number-of-rates, show threat-detection memory.
Unified Communication Features
SCCP v19 support
The IP phone support in the Cisco Phone Proxy feature was enhanced to include support for
version 19 of the SCCP protocol on the list of supported IP phones.
version 19 of the SCCP protocol on the list of supported IP phones.
Table 7
New Features for ASA Version 8.3(1) (continued)
Feature
Description