1-18
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter1 Introduction to the Cisco ASA 5500 Series
New Features
SSL SHA-2 digital
signature
You can now use of SHA-2 compliant signature algorithms to authenticate SSL VPN connections
that use digital certificates. Our support for SHA-2 includes all three hash sizes: SHA-256,
SHA-384, and SHA-512. SHA-2 requires AnyConnect 2.5(1) or later (2.5(2) or later
recommended). This release does not support SHA-2 for other uses or products.
Caution: To support failover of SHA-2 connections, the standby ASA must be running the same
image.
Also available in Version 8.4(2).
L2TP/IPsec support for
Android
We now support VPN connections between Android mobile devices and ASA 5500 series devices,
when using the L2TP/IPsec protocol and the native Android VPN client. Mobile devices must be
using the Android 2.1 or later operating system.
Also available in Version 8.4(1).
SHA2 certificate
signature support for
Microsoft Windows 7
and Android-native
VPN clients
ASA supports SHA2 certificate signature support for Microsoft Windows 7 and Android-native
VPN clients when using the L2TP/IPsec protocol.
Also available in Version 8.4(2).
Enable/disable
certificate mapping to
override the group-url
attribute
This feature changes the preference of a connection profile during the connection profile selection
process. By default, if the ASA matches a certificate field value specified in a connection profile
to the field value of the certificate used by the endpoint, the ASA assigns that profile to the VPN
connection. This optional feature changes the preference to a connection profile that specifies the
group URL requested by the endpoint. The new option lets administrators rely on the group URL
preference used by many older ASA software releases.
Also available in Version 8.4(2).
Interface Features
Support for Pause
Frames for Flow Control
on 1-Gigabit Ethernet
Interface
You can now enable pause (XOFF) frames for flow control on 1-Gigabit Ethernet interfaces;
support was previously added for 10-Gigabit Ethernet interfaces in 8.2(2).
Also available in Version 8.4(2).
Unified Communications Features
ASA-Tandberg
Interoperability with
H.323 Inspection
H.323 Inspection now supports uni-directional signaling for two-way video sessions. This
enhancement allows H.323 Inspection of one-way video conferences supported by Tandberg video
phones. Supporting uni-directional signaling allows Tandberg phones to switch video modes (close
their side of an H.263 video session and reopen the session using H.264, the compression standard
for high-definition video).
Also available in Version 8.4(2).
Routing Features
Timeout for connections
using a backup static
route
When multiple static routes exist to a network with different metrics, the ASA uses the one with
the best metric at the time of connection creation. If a better route becomes available, then this
timeout lets connections be closed so a connection can be reestablished to use the better route. The
default is 0 (the connection never times out). To take advantage of this feature, change the timeout
to a new value.
Also available in Version 8.4(2).
Table1-6 New Features for ASA Version 8.2(5) (continued)
Feature Description