1-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter1 Introduction to the Cisco ASA 5500 Series
New Features
Clientless VPN Auto
Sign-on Enhancement
Smart tunnel now supports HTTP-based auto sign-on on Firefox as well as Internet Explorer.
Similar to when Internet Explorer is used, the administrator decides to which hosts a Firefox
browser will automatically send credentials. For some authentication methods, if may be
necessary for the administrator to specify a realm string on the ASA to match that on the web
application (in the Add Smart Tunnel Auto Sign-on Server window). You can now use
bookmarks with macro substitutions for auto sign-on with Smart tunnel as well.
The POST plug-in is now obsolete. The former POST plug-in was created so that
administrators could specify a bookmark with sign-on macros and receive a kick-off page to
load prior to posting the the POST request. The POST plug-in approach allows requests that
required the presence of cookies, and other header items, fetched ahead of time to go through.
The administrator can now specify pre-load pages when creating bookmarks to achieve the
same functionality. Same as the POST plug-in, the administrator specifies the pre-load page
URL and the URL to send the POST request to.
You can now replace the default preconfigured SSL VPN portal with your own portal. The
administrators do this by specifying a URL as an External Portal. Unlike the group-policy
home page, the External Portal supports POST requests with macro substitution (for auto
sign-on) as well as pre-load pages.
We introduced or modified the following command: smart-tunnel auto-signon.
Expanded Smart Tunnel
application support
Smart Tunnel adds support for the following applications:
Microsoft Outlook Exchange Server 2010 (native support).
Users can now use Smart Tunnel to connect Microsoft Office Outlook to a Microsoft
Exchange Server.
Microsoft Sharepoint/Office 2010.
Users can now perform remote file editing using Microsoft Office 2010 Applications and
Microsoft Sharepoint by using Smart Tunnel.
Interface Features
EtherChannel support (ASA
5510 and higher)
You can configure up to 48 802.3ad EtherChannels of eight active interfaces each.
Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot1
on the ASA 5550, as part of an EtherChannel.
We introduced the following commands: channel-group, lacp port-priority, interface
port-channel, lacp max-bundle, port-channel min-bundle, port-channel load-balance,
lacp system-priority, clear lacp counters, show lacp, show port-channel.
Table1-7 New Features for ASA Version 8.4(1) (continued)
Feature Description