1-19
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter1 Introduction to the Cisco ASA 5500 Series
New Features
New Features in Version 8.4(1)
Released: January 31, 2011
Table 1 -7 lists the new features for ASA Version 8.4(1).
Table1-7 New Features for ASA Version 8.4(1)
Feature Description
Hardware Features
Support for the ASA5585-X We introduced support for the ASA 5585-X with Security Services Processor (SSP)-10, -20,
-40, and -60.
Note Support was previously added in 8.2(3) and 8.2(4); the ASA 5585-X is not supported
in 8.3(x).
No Payload Encryption
hardware for export
You can purchase the ASA 5585-X with No Payload Encryption. For export to some countries,
payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses
a No Payload Encryption model, and disables the following features:
Unified Communications
VPN
You can still install the Strong Encryption (3DES/AES) license for use with management
connections. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You
can also download the dynamic database for the Botnet Traffic Filer (which uses SSL).
Remote Access Features
L2TP/IPsec Support on
Android Platforms
We now support VPN connections between Android mobile devices and ASA 5500 series
devices, when using the L2TP/IPsec protocol and the native Android VPN client. Mobile
devices must be using the Android 2.1, or later, operating system.
Also available in Version 8.2(5).
UTF-8 Character Support
for AnyConnect Passwords
AnyConnect 3.0 used with ASA 8.4(1), supports UTF-8 characters in passwords sent using
RADIUS/MSCHAP and LDAP protocols.
IPsec VPN Connections with
IKEv2
Internet Key Exchange Version 2 (IKEv2) is the latest key exchange protocol used to establish
and control Internet Protocol Security (IPsec) tunnels. The ASA now supports IPsec with
IKEv2 for the AnyConnect Secure Mobility Client, Version 3.0(1), for all client operating
systems.
On the ASA, you enable IPsec connections for users in the group policy. For the AnyConnect
client, you specify the primary protocol (IPsec or SSL) for each ASA in the server list of the
client profile.
IPsec remote access VPN using IKEv2 was added to the AnyConnect Essentials and
AnyConnect Premium licenses.
Site-to-site sessions were added to the Other VPN license (formerly IPsec VPN). The Other
VPN license is included in the Base license.
We modified the following commands: vpn-tunnel-protocol, crypto ikev2 policy, crypto
ikev2 enable, crypto ipsec ikev2, crypto dynamic-map, crypto map.