New features in version 8.4(1) – Cisco ASA 5505 User Manual

1-19

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 1 Introduction to the Cisco ASA 5500 Series

New Features

New Features in Version 8.4(1)

Released: January 31, 2011

Table 1-7

lists the new features for ASA Version 8.4(1).

Table 1-7

New Features for ASA Version 8.4(1)

Feature

Description

Hardware Features

Support for the ASA 5585-X We introduced support for the ASA 5585-X with Security Services Processor (SSP)-10, -20,

-40, and -60.

Note

Support was previously added in 8.2(3) and 8.2(4); the ASA 5585-X is not supported
in 8.3(x).

No Payload Encryption
hardware for export

You can purchase the ASA 5585-X with No Payload Encryption. For export to some countries,
payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses
a No Payload Encryption model, and disables the following features:

•

Unified Communications

•

VPN

You can still install the Strong Encryption (3DES/AES) license for use with management
connections. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You
can also download the dynamic database for the Botnet Traffic Filer (which uses SSL).

Remote Access Features

L2TP/IPsec Support on
Android Platforms

We now support VPN connections between Android mobile devices and ASA 5500 series
devices, when using the L2TP/IPsec protocol and the native Android VPN client. Mobile
devices must be using the Android 2.1, or later, operating system.

Also available in Version 8.2(5).

UTF-8 Character Support
for AnyConnect Passwords

AnyConnect 3.0 used with ASA 8.4(1), supports UTF-8 characters in passwords sent using
RADIUS/MSCHAP and LDAP protocols.

IPsec VPN Connections with
IKEv2

Internet Key Exchange Version 2 (IKEv2) is the latest key exchange protocol used to establish
and control Internet Protocol Security (IPsec) tunnels. The ASA now supports IPsec with
IKEv2 for the AnyConnect Secure Mobility Client, Version 3.0(1), for all client operating
systems.

On the ASA, you enable IPsec connections for users in the group policy. For the AnyConnect
client, you specify the primary protocol (IPsec or SSL) for each ASA in the server list of the
client profile.

IPsec remote access VPN using IKEv2 was added to the AnyConnect Essentials and
AnyConnect Premium licenses.

Site-to-site sessions were added to the Other VPN license (formerly IPsec VPN). The Other
VPN license is included in the Base license.

We modified the following commands: vpn-tunnel-protocol, crypto ikev2 policy, crypto
ikev2 enable, crypto ipsec ikev2, crypto dynamic-map, crypto map.