1-14
Cisco ASA Series CLI Configuration Guide
Chapter 1 Introduction to the Cisco ASA
New Features
Remote Access VPN support for IPv6:
IPv6 Address Assignment Policy
You can configure the ASA to assign an IPv4 address, an IPv6 address, or both
an IPv4 and an IPv6 address to an AnyConnect client by creating internal pools
of addresses on the ASA or by assigning a dedicated address to a local user on
the ASA.
The endpoint must have the dual-stack protocol implemented in its operating
system to be assigned both types of addresses.
Assigning an IPv6 address to the client is supported for the SSL protocol. This
feature is not supported for the IKEv2/IPsec protocol.
We introduced the following commands:
ipv6-vpn-addr-assign
,
vpn-framed-ipv6-address
.
We modified the following screens:
Configuration > Remote Access VPN > Network (Client) Access > Address
Assignment > Assignment Policy
Configuration > Remote Access VPN > AAA/Local Users > Local Users >
(Edit local user account) > VPN Policy
Remote Access VPN support for IPv6:
Assigning DNS Servers with IPv6 Addresses
to group policies
DNS servers can be defined in a Network (Client) Access internal group policy
on the ASA. You can specify up to four DNS server addresses including up to
two IPv4 addresses and up to two IPv6 addresses.
DNS servers with IPv6 addresses can be reached by VPN clients when they are
configured to use the SSL protocol. This feature is not supported for clients
configured to use the IKEv2/IPsec protocol.
We modified the following command:
dns-server value
.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Servers.
Remote Access VPN support for IPv6:
Split tunneling
Split tunneling enables you to route some network traffic through the VPN
tunnel (encrypted) and to route other network traffic outside the VPN tunnel
(unencrypted or “in the clear”). You can now perform split tunneling on IPv6
network traffic by defining an IPv6 policy which specifies a unified access
control rule.
IPv6 split tunneling is reported with the telemetric data sent by the Smart Call
Home feature. If either IPv4 or IPv6 split tunneling is enabled, Smart Call
Home reports split tunneling as “enabled.” For telemetric data, the VPN
session database displays the IPv6 data typically reported with session
management.
You can include or exclude IPv6 traffic from the VPN “tunnel” for VPN clients
configured to use the SSL protocol. This feature is not supported for the
IKEv2/IPsec protocol.
We introduced the following command:
ipv6-split-tunnel-policy
.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Advanced
> Split Tunneling.
Table 1-5
New Features for ASA Version 9.0(1)/ASDM Version 7.0(1) (continued)
Feature
Description
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......