Cisco Systems OL-16647-01 Network Router User Manual


2-11
Cisco ASDM User Guide
OL-16647-01
Chapter 2 Introduction to the Security Appliance
New Features by Platform Release
Table 2-5 New Features for ASA and PIX Version 8.0(2) (continued)

ASA Feature Type: High Availability

  Feature: Remote command execution in Failover pairs
  Description: You can execute commands on the peer unit in a failover pair without having to connect directly to the peer. This works for both Active/Standby and Active/Active failover.

  Feature: CSM configuration rollback support
  Description: Adds support for the Cisco Security Manager configuration rollback feature in failover configurations.

  Feature: Failover pair Auto Update support
  Description: You can use an Auto Update server to update the platform image and configuration in failover pairs.

  Feature: Stateful Failover for SIP signaling
  Description: SIP media and signaling connections are replicated to the standby unit.

  Feature: Redundant interfaces
  Description: A logical redundant interface pairs an active and a standby physical interface. When the active interface fails, the standby interface becomes active and starts passing traffic. You can configure a redundant interface to increase the security appliance reliability. This feature is separate from device-level failover, but you can configure redundant interfaces as well as failover if desired. You can configure up to eight redundant interface pairs.

ASA Feature Type: SSMs

  Feature: Password reset
  Description: You can reset the password on the SSM hardware module.

VPN Features¹

ASA Feature Type: Authentication Enhancements

  Feature: Combined certificate and username/password login
  Description: An administrator requires a username and password in addition to a certificate for login to SSL VPN connections.

  Feature: Internal domain username/password
  Description: Provides a password for access to internal resources for users who log in with credentials other than a domain username and password, for example, with a one-time password. This is a password in addition to the one a user enters when logging in.

  Feature: Generic LDAP support
  Description: This includes OpenLDAP and Novell LDAP. Expands LDAP support available for authentication and authorization.

  Feature: Onscreen keyboard
  Description: The security appliance includes an onscreen keyboard option for the login page and subsequent authentication requests for internal resources. This provides additional protection against software-based keystroke loggers by requiring a user to use a mouse to click characters in an onscreen keyboard for authentication, rather than entering the characters on a physical keyboard.

  Feature: SAML SSO verified with RSA Access Manager
  Description: The security appliance supports Security Assertion Markup Language (SAML) protocol for Single Sign On (SSO) with RSA Access Manager (Cleartrust and Federated Identity Manager).

  Feature: NTLMv2
  Description: Version 8.0(2) adds support for NTLMv2 authentication for Windows-based clients.

ASA Feature Type: Certificates

  Feature: Local certificate authority
  Description: Provides a certificate authority on the security appliance for use with SSL VPN connections, both browser- and client-based.

  Feature: OCSP CRL
  Description: Provides OCSP revocation checking for SSL VPN.