Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 2 Introduction to the Security Appliance
New Features by Platform Release
Table 2-5 New Features for ASA and PIX Version 8.0(2) (continued)

| ASA Feature Type | Feature | Description |
|---|---|---|
| Firewall Features | | |
| Application Inspection | Modular policy framework inspect class map | Traffic can match one of multiple match commands in an inspect class map; formerly, traffic had to match all match commands in a class map to match the class map. |
| | AIC for encrypted streams and AIC Arch changes | Provides HTTP inspection into TLS, which allows AIC/MPF inspection in WebVPN HTTP and HTTPS streams. |
| | TLS Proxy for SCCP and SIP² | Enables inspection of encrypted traffic. Implementations include SSL encrypted VoIP signaling, namely Skinny and SIP, interacting with the Cisco CallManager. |
| | SIP enhancements for CCM | Improves interoperability with CCM 5.0 and 6.x with respect to signaling pinholes. |
| | Full RTSP PAT support | Provides TCP fragment reassembly support, a scalable parsing routine on RTSP, and security enhancements that protect RTSP traffic. |
| Access Lists | Enhanced service object group | Lets you configure a service object group that contains a mix of TCP services, UDP services, ICMP-type services, and any protocol. It removes the need for a specific ICMP-type object group and protocol object group. The enhanced service object group also specifies both source and destination services. The access list CLI now supports this behavior. |
| | Ability to rename access list | Lets you rename an access list. |
| | Live access list hit counts | Includes the hit count for ACEs from multiple access lists. The hit count value represents how many times traffic hits a particular access rule. |
| Attack Prevention | Set connection limits for management traffic to the adaptive security appliance | For a Layer 3/4 management class map, you can specify the set connection command. |
| | Threat detection | You can enable basic threat detection and scanning threat detection to monitor attacks such as DoS attacks and scanning attacks. For scanning attacks, you can automatically shun attacking hosts. You can also enable scan threat statistics to monitor both valid and invalid traffic for hosts, ports, protocols, and access lists. |
| NAT | Transparent firewall NAT support | You can configure NAT for a transparent firewall. |
| IPS | Virtual IPS sensors with the AIP SSM | The AIP SSM running IPS software Version 6.0 and above can run multiple virtual sensors, which means you can configure multiple security policies on the AIP SSM. You can assign each context or single mode adaptive security appliance to one or more virtual sensors, or you can assign multiple security contexts to the same virtual sensor. See the IPS documentation for more information about virtual sensors, including the maximum number of sensors supported. |