New Major Version of the ASA firmware
Cisco has been criticised lately for not focussing enough on Security products. There isn’t a revolution that willchanging the internet forever. Some stand out features / problems / considerations for me are listed here.
Here is the big one. The Cisco ASA NAT has been completely changed and the syntax is all new including the use of Real IP address in access-list (instead of xlated addresses).
The NAT configuration was completely redesigned to allow greater flexibility and ease of use. You can now configure NAT using auto NAT, where you configure NAT as part of the attributes of a network object, and manual NAT, where you can configure more advanced NAT options.
The following commands were introduced or modified: nat (in global and object network configuration mode), show nat, show nat pool, show xlate, show running-config nat.
The following commands were removed: global, static, nat-control, alias.
and the use of Real IP Addresses.
When using NAT, mapped addresses are no longer required in an access list for many features. You should always use the real, untranslated addresses when configuring these features. Using the real address means that if the NAT configuration changes, you do not need to change the access lists.
The following commands and features that use access lists now use real IP addresses. These features are automatically migrated to use real IP addresses when you upgrade to 8.3, unless otherwise noted.
•Modular Policy Framework match access-list command
•Botnet Traffic Filter dynamic-filter enable classify-list command
•AAA aaa … match commands
Note: WCCP is not automatically migrated when you upgrade to 8.3.
Memory Upgrades Needed
You need to purchase RAM upgrades for just about all models of ASA in use today.
|ASA Model||Default DRAM Memory||Default Internal Flash Memory||Required DRAM for 8.3<|
|5505||256 MB||128 MB||512 MB|
|5510||256 MB||512 MB||1 GB|
|5520||512 MB||512 MB||2 GB|
|5540||1 GB||512 MB||2 GB|
|5550||4 GB||512||4 GB|
|5580-20||8 GB||1 GB||8 GB|
|5580-40||12 GB||1 GB||12 GB|
SSL VPN Support extended to 64-bit platforms
Release 8.3(1) provides browser-based (clientless) VPN access from the following newly supported platforms:
•Windows 7 x86 (32-bit) and x64 (64-bit) via Internet Explorer 8.x and Firefox 3.x
•Windows Vista x64 via Internet Explorer 7.x/8.x, or Firefox 3.x.
•Windows XP x64 via Internet Explorer 6.x/7.x/8.x and Firefox 3.x
•Mac OS 10.6 32- and 64-bit via Safari 4.x and Firefox 3.x.
The master passphrase feature allows you to securely store plain text passwords in encrypted format. It provides a master key that is used to universally encrypt or mask all passwords, without changing any functionality.
The following commands were introduced: key config-key password-encryption, password encryption aes.