1-15
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter1 Introduction to the Cisco ASA 5500 Series
New Features
SSL SHA-2 digital signature You can now use of SHA-2 compliant signature algorithms to authenticate SSL VPN
connections that use digital certificates. Our support for SHA-2 includes all three hash sizes:
SHA-256, SHA-384, and SHA-512. SHA-2 requires AnyConnect 2.5(1) or later (2.5(2) or later
recommended). This release does not support SHA-2 for other uses or products.
Caution: To support failover of SHA-2 connections, the standby ASA must be running the same
image.
Also available in Version 8.2(5).
SHA2 certificate signature
support for Microsoft
Windows 7 and
Android-native VPN clients
ASA supports SHA2 certificate signature support for Microsoft Windows 7 and Android-native
VPN clients when using the L2TP/IPsec protocol.
Also available in Version 8.2(5).
Enable/disable certificate
mapping to override the
group-url attribute
This feature changes the preference of a connection profile during the connection profile
selection process. By default, if the ASA matches a certificate field value specified in a
connection profile to the field value of the certificate used by the endpoint, the ASA assigns
that profile to the VPN connection. This optional feature changes the preference to a
connection profile that specifies the group URL requested by the endpoint. The new option lets
administrators rely on the group URL preference used by many older ASA software releases.
Also available in Version 8.2(5).
ASA 5585-X Features
Support for Dual SSPs for
SSP-40 and SSP-60
For SSP-40 and SSP-60, you can use two SSPs of the same level in the same chassis.
Mixed-level SSPs are not supported (for example, an SSP-40 with an SSP-60 is not supported).
Each SSP acts as an independent device, with separate configurations and management. You
can use the two SSPs as a failover pair if desired.
Note When using two SSPs in the chassis, VPN is not supported; note, however, that VPN
has not been disabled.
Support for the IPS SSP-10,
-20, -40, and -60
We introduced support for the IPS SSP-10, -20, -40, and -60 for the ASA 5585-X. You can only
install the IPS SSP with a matching-level SSP; for example, SSP-10 and IPS SSP-10.
Also available in Version 8.2(5).
CSC SSM Features
CSC SSM Support For the CSC SSM, support for the following features has been added:
HTTPS traffic redirection: URL filtering and WRS queries for incoming HTTPS
connections.
Configuring global approved whitelists for incoming and outgoing SMTP and POP3
e-mail.
E-mail notification for product license renewals.
Monitoring Features
Smart Call-Home
Anonymous Reporting
Customers can now help to improve the ASA platform by enabling Anonymous Reporting,
which allows Cisco to securely receive minimal error and health information from the device.
Also available in Version 8.2(5).
Table1-5 New Features for ASA Version 8.4(2) (continued)
Feature Description