Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 1 Introduction to the Cisco ASA 5500 Series
New Features
Mobile Posture (formerly referred to as AnyConnect Identification Extensions for Mobile Device Detection)
You can now configure the ASA to permit or deny VPN connections to mobile devices, enable
or disable mobile device access on a per-group basis, and gather information about connected
mobile devices based on a mobile device’s posture data. The following mobile platforms
support this capability: AnyConnect for iPhone/iPad/iPod Versions 2.5.x and AnyConnect for
Android Version 2.4.x.
Licensing Requirements
Enforcing remote access controls and gathering posture data from mobile devices requires an
AnyConnect Mobile license and either an AnyConnect Essentials or AnyConnect Premium
license to be installed on the ASA. You receive the following functionality based on the license
you install:
AnyConnect Premium License Functionality
Enterprises that install the AnyConnect Premium license will be able to enforce DAP
policies, on supported mobile devices, based on these DAP attributes and any other
existing endpoint attributes. This includes allowing or denying remote access from a
mobile device.
AnyConnect Essentials License Functionality
Enterprises that install the AnyConnect Essentials license will be able to do the following:
- Enable or disable mobile device access on a per-group basis and configure that
  feature using ASDM.
- Display information about connected mobile devices via CLI or ASDM without
  having the ability to enforce DAP policies or deny or allow remote access to those
  mobile devices.
Also available in Version 8.2(5).

SSL SHA-2 digital signature
You can now use SHA-2 compliant signature algorithms to authenticate SSL VPN
connections that use digital certificates. Our support for SHA-2 includes all three hash sizes:
SHA-256, SHA-384, and SHA-512. SHA-2 requires AnyConnect 2.5(1) or later (2.5(2) or later
recommended). This release does not support SHA-2 for other uses or products.
Caution: To support failover of SHA-2 connections, the standby ASA must be running the same
image.
Also available in Version 8.2(5).

SHA2 certificate signature support for Microsoft Windows 7 and Android-native VPN clients
The ASA supports SHA2 certificate signatures for Microsoft Windows 7 and Android-native
VPN clients when using the L2TP/IPsec protocol.
Also available in Version 8.2(5).

Enable/disable certificate mapping to override the group-url attribute
This feature changes the preference of a connection profile during the connection profile
selection process. By default, if the ASA matches a certificate field value specified in a
connection profile to the field value of the certificate used by the endpoint, the ASA assigns
that profile to the VPN connection. This optional feature changes the preference to a
connection profile that specifies the group URL requested by the endpoint. The new option lets
administrators rely on the group URL preference used by many older ASA software releases.
Also available in Version 8.2(5).
ASA 5585-X Features
Table 1-5 New Features for ASA Version 8.4(2)/ASDM Version 6.4(5) (continued)
Feature Description