Details for these general new features and enhancements are defined in the sections that follow.

Same Security Level Communications

This new ASA/PIX version 7 feature enables you to set more than one interface to the same security level. This enables two-way traffic flow between these interfaces, similar to a router. You configure this feature at the following ASDM panel:

No NAT Functionality

This new ASA/PIX version 7 feature eliminates the requirement that NAT must be configured for traffic to traverse the security appliance. You can see this feature in ASDM by navigating to the following panel:

VPN Stateful Failover

This new ASA/PIX version 7 feature allows VPN state to be updated between the active and the secondary failover ASA/PIX. If the primary ASA/PIX goes down, VPN sessions continue uninterrupted because the state has been maintained between the two failover boxes. You can see this feature in ASDM by navigating to the following panel:

Interoperability with IOS CA Server

This new ASA/PIX version 7 feature allows the ASA/PIX Security Appliance to generate and receive certificate requests for the Cisco IOS CERT server.

Asymmetric Routing

This new ASA/PIX version 7 feature enables stateful asymmetric routing during failover. It is used only with active/active failover, which is not included in ASDM and not covered in this book.

OSPF Neighbor

This new ASA/PIX version 7 feature allows the recognition of Open Shortest Path First (OSPF) neighbors across a VPN tunnel. Some caveats apply: The OSPF neighbor can be only one hop away and neighbors must belong to the same subnet.

PIM-Sparse Mode

The new ASA/PIX version 7 feature allows an ASA/PIX version 7 PIM-Sparse mode to scale through the ASA/PIX Security Appliance.

Ping Enhancements

The new ASA/PIX version 7 feature adds arguments to the ping command, enabling you to use ping extended options that have also been deployed in Cisco IOS 12.3. This includes, in alphabetic order, the following:

4096-Bit RSA Key Support

This new ASA/PIX version 7 feature allows support for 4k-bit RSA keys.

Policing

This new ASA/PIX version 7 feature supports two queues for QoS support:
QoS enables you to define which traffic will have precedence as it traverses the security appliance. For example, you might want your IP telephony traffic to be processed before your web browsing traffic, resulting in clear voice communication. You configure QoS from the ASDM panel, as follows:

Logging

This ASA/PIX version 7 enhancement includes legacy support for syslog formats used in previous ASA/PIX versions. It also includes support for the new syslog format called EMBLEM. You configure syslog from the following ASDM panels:

Virtual Firewall Support

This ASA/PIX version 7 enhancement provides you with the features to support several different security appliance contexts within a single ASA/PIX Security Appliance. This provides businesses an easy way to consolidate multiple security appliances into a single physical appliance.