
Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances Software Release 8.3

Cisco® ASA 5500 Adaptive Security Appliances Software Release 8.3 significantly increases deployment flexibility and reduces operational overhead by introducing new capabilities and performance optimizations across firewall, remote access, IPS, and Unified Communications feature sets. This release is supported on Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20, and 5580-40 models that have the required amount of memory.

New Features

Firewall features

• Network object optimization: Optimizing the way rules are compiled and stored in memory improves firewall performance for customers with large security policies and those who make extensive use of objects when defining security policies.

• ACL time stamp: Administrators can better manage firewall policies by marking each rule with a time stamp for when it was last hit.

• Threat defense optimizations: The threat scanning engine's performance has increased by 20 percent while its memory usage has decreased by 60 percent.

• Cisco.com Upgrade Wizard: Enhancements to the wizard improve its usability and better support future software releases.

• Global firewall rules (access control lists [ACLs]): Enabling the creation of rules that are not bound to a specific physical or virtual interface greatly increases deployment flexibility for firewall policies.

• IP options: Support for passing through or clearing options fields of the IP packet header has been added, as has conformance to RFC 2113.

• Network objects: Enabling hosts, subnets, and address ranges to be defined as objects that can be used in firewall and Network Address Translation (NAT) policies improves how those policies are structured and organized.

• NAT enhancements: Adopting an "original packet" and "translated packet" approach significantly improves flexibility and reduces the complexity of network and port address translation.

• Password encryption: Passwords that are stored in the device configuration can be encrypted.

• Smart Call-Home: This feature provides diagnostic information to Cisco technical support, helping to reduce time to repair and network downtime.

• Real IP: ACLs can be configured using the real IP address of hosts instead of using translated values when NAT configurations are present.

• Botnet Traffic Filter enhancements: Enhanced reporting capabilities and improved traffic blocking features enable customers to better defend their networks.

Remote-access features

• New OS support for Clientless Access: Support for clientless remote access is now included for Windows XP (64-bit), Windows Vista (64-bit), Windows 7 (32- and 64-bit), MacOS 10.5 (64-bit), and MacOS 10.6 (32- and 64-bit).

• IPv6 IPsec Site-to-Site VPN: Customers can now create encrypted IPsec VPN connections over IPv6 networks.

• Cisco AnyConnect Secure Mobility: This feature provides an "always-on" SSL VPN connection from a mobile user, which is passed on to a Cisco IronPort® S-Series Web Security Appliance for content filtering.

• VPN filter optimization: Improves the performance and scalability of VPN deployments that use ACL filters to secure tunneled traffic.

Cisco Adaptive Security Device Manager (ASDM) features:

• VPN Wizard: The Cisco ASDM VPN Wizard now enables customers to create site-to-site IPsec VPNs over IPv6.

• IPS Startup Wizard: A step-by-step configuration wizard facilitates simplified provisioning of AIP SSMs.

• "Top Talkers": Identifies the top 200 hosts based on the number of connections they have initiated through the Cisco ASA appliance.

• Route maps: Customers can configure route maps through Cisco ASDM.

• Botnet Traffic Filter reports: After detecting malicious traffic, the filter analyzes the traffic and provides a number of reports, enabling administrators to remediate the issue.

• AnyConnect Profile Editor: Integrates Cisco ASDM support for the creation of profiles for AnyConnect users, eliminating the need to manually create configuration files.

Unified Communications features:

• Intercompany Media Engine: New licensing and support for the Cisco Intercompany Media Engine solution enables customers to offload communications from the PSTN to Internet-based Session Initiation Protocol (SIP) trunks.

Licensing changes:

• Cisco ASA Software Release 8.3 introduces several changes to the behavior of licenses. Please refer to the licensing bulletin for details.

• Time-based license stacking: Customers can extend time-based licenses such as Botnet Traffic Filter and SSL VPN Burst by applying multiple licenses.

• Licensing of high-availability pairs: For several features, the requirement to deploy identical licenses on the standby unit in a high-availability pair has been removed. Security Plus licenses must still be purchased for both the Active and Standby units.

Memory Requirements

Cisco ASA Software Release 8.3 introduces powerful new security capabilities that require additional memory to ensure optimal performance as shown in Table 1. Memory upgrade kits are available for models that require them. For additional information, please see the "Memory Requirements for Cisco ASA Software Release 8.3 and Higher" product bulletin here: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-586414.html.

Table 1. Memory Requirements for Cisco ASA Software Release 8.3

| Cisco ASA Model | Default Memory | Upgrade Required for 8.3 | Upgrade Part Number |
|---|---|---|---|
| 5505 10-User | 256 MB | No | Optional: ASA5505-MEM-512= |
| 5505 50-User | 256 MB | No | Optional: ASA5505-MEM-512= |
| 5505 Unlimited-User | 256 MB | Yes | ASA5505-MEM-512= |
| 5505 Security Plus | 256 MB | Yes | ASA5505-MEM-512= |
| 5510 | 256 MB | Yes | ASA5510-MEM-1GB= |
| 5520 | 512 MB | Yes | ASA5520-MEM-2GB= |
| 5540 | 1 GB | Yes | ASA5540-MEM-2GB= |
| 5550 | 4 GB | No | Not applicable |
| 5580-20 | 8 GB | No | Not applicable |
| 5580-40 | 12 GB | No | Not applicable |

Upgrade Paths

All Cisco ASA Software Releases (7.0, 7.2, 8.0, 8.1, and 8.2) can be upgraded to Release 8.3. Hitless upgrades are supported for customers upgrading from Cisco ASA Software Release 8.2 to Release 8.3.

Ordering Information

Existing Cisco ASA customers with Cisco SMARTnet® service contracts can easily download Cisco ASA Software Release 8.3 at no additional cost. The software release prices are available on the Cisco price list. Table 2 lists ordering information for Cisco ASA Software Release 8.3.

Table 2. Ordering Information

| Software Licenses | Part Number |
|---|---|
| ASA Licenses | |
| Cisco ASA Software Release 8.3 for the ASA 5500 Series | SF-ASA-8.3-K8 |
| Cisco ASA Software Release 8.3 for the Cisco ASA 5505 | SF-ASA5505-8.3-K8 |
| Cisco ASA Software Release 8.3 for the Cisco ASA 5580 | SF-ASA5580-8.3-K8 |
| Intercompany Media Engine Licenses | |
| Cisco ASA 5505 Intercompany Media Engine K8 License | ASA5505-ME-K8 |
| Cisco ASA 5505 Intercompany Media Engine K9 License | ASA5505-ME-K9 |
| Cisco ASA 5510 Intercompany Media Engine K8 License | ASA5510-ME-K8 |
| Cisco ASA 5510 Intercompany Media Engine K9 License | ASA5510-ME-K9 |
| Cisco ASA 5520 Intercompany Media Engine K8 License | ASA5520-ME-K8 |
| Cisco ASA 5520 Intercompany Media Engine K9 License | ASA5520-ME-K9 |
| Cisco ASA 5540 Intercompany Media Engine K8 License | ASA5540-ME-K8 |
| Cisco ASA 5540 Intercompany Media Engine K9 License | ASA5540-ME-K9 |
| Cisco ASA 5550 Intercompany Media Engine K8 License | ASA5550-ME-K8 |
| Cisco ASA 5550 Intercompany Media Engine K9 License | ASA5550-ME-K9 |
| Cisco ASA 5580 Intercompany Media Engine K8 License | ASA5580-ME-K8 |
| Cisco ASA 5580 Intercompany Media Engine K9 License | ASA5580-ME-K9 |

To place an order, visit the Cisco Ordering Home Page. To download software, visit http://www.cisco.com/go/asa.

For More Information

For more information about the Cisco ASA 5500 Series, visit http://www.cisco.com/go/asa or contact your local account representative.
For Cisco ASA 5500 Series Adaptive Security Appliance licensing information, visit: http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html.