1-22
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter1 Introduction to the Cisco ASA 5500 Series
New Features
Bridge groups for
transparent mode
If you do not want the overhead of security contexts, or want to maximize your use of security
contexts, you can group interfaces together in a bridge group, and then configure multiple
bridge groups, one for each network. Bridge group traffic is isolated from other bridge groups.
You can configure up to 8 bridge groups in single mode or per context in multiple mode, with
4 interfaces maximum per bridge group.
Note Although you can configure multiple bridge groups on the ASA 5505, the restriction
of 2 data interfaces in transparent mode on the ASA 5505 means you can only
effectively use 1 bridge group.
We introduced the following commands: interface bvi, bridge-group, show bridge-group.
Scalability Features
Increased contexts for the
ASA 5550, 5580, and
5585-X
For the ASA 5550 and ASA 5585-X with SSP-10, the maximum contexts was increased from
50 to 100. For the ASA 5580 and 5585-X with SSP-20 and higher, the maximum was increased
from 50 to 250.
Increased VLANs for the
ASA 5580 and 5585-X
For the ASA 5580 and 5585-X, the maximum VLANs was increased from 250 to 1024.
Additional platform support Google Chrome has been added as a supported platform for ASA Version 8.4. Both 32-bit and
64-bit platforms are supported on Windows XP, Vista, and 7 and Mac OS X Version 6.0.
Increased connections for
the ASA 5580 and 5585-X
We increased the firewall connection limits:
ASA 5580-20—1,000,000 to 2,000,000.
ASA 5580-40—2,000,000 to 4,000,000.
ASA 5585-X with SSP-10: 750,000 to 1,000,000.
ASA 5585-X with SSP-20: 1,000,000 to 2,000,000.
ASA 5585-X with SSP-40: 2,000,000 to 4,000,000.
ASA 5585-X with SSP-60: 2,000,000 to 10,000,000.
Increased AnyConnect VPN
sessions for the ASA 5580
The AnyConnect VPN session limit was increased from 5,000 to 10,000.
Increased Other VPN
sessions for the ASA 5580
The other VPN session limit was increased from 5,000 to 10,000.
High Availability Features
Stateful Failover with
Dynamic Routing Protocols
Routes that are learned through dynamic routing protocols (such as OSPF and EIGRP) on the
active unit are now maintained in a Routing Information Base (RIB) table on the standby unit.
Upon a failover event, traffic on the secondary active unit now passes with minimal disruption
because routes are known.
We modified the following commands: show failover, show route, show route failover.
Unified Communication Features
Table1-7 New Features for ASA Version 8.4(1) (continued)
Feature Description