This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Cisco Cloud Web Security provides content scanning and other malware protection service for web traffic. It can also redirect and report about web traffic based on user identity.
• ASA Clustering for the ASA 5580 and 5585-X
ASA Clustering lets you group multiple ASAs together as a single logical device. A cluster provides all the convenience of a single device (management, integration into a network) while achieving the increased throughput and redundancy of multiple devices. ASA clustering is supported for the ASA 5580 and the ASA 5585-X; all units in a cluster must be the same model with the same hardware specifications.
EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3,RIP, and multicast routing are not supported.
• Mixed firewall mode support in multiple context mode
You can set the firewall mode independently for each security context in multiple context mode, so some can run in transparent mode while others run in routed mode.
Overview of Firewall features (contd.)• Ability to view top 10 memory users – show memory top-usage
You can now view the top bin sizes allocated and the top 10 PCs for each allocated bin size. Previously, you had to enter multiple commands to see this information (the show memory detail command and the show memory binsize command); the new command provides for quicker analysis of memory issues.
• Support for administrator password policy when using the local database
• Support for a maximum number of management sessions
• Support for image verification - Support for SHA-512 image integrity checking was added.
• CPU profile enhancements
• Decreased the half-closed timeout minimum value to 30 seconds
Client IP Assigned IP ASA Headend SSL/DTLS IKEV2 (IPSec)
IPV4 IPV4 IPV4 YES YES
IPV4 IPV6 IPV4 YES NO
IPV6 & IPV4 IPV4 IPV6 & IPV4 YES YES
IPV6 & IPV4 IPV6 IPV6 & IPV4 YES NO
IPV6 & IPV4 IPV6 & IPV4 IPV6 & IPV4 YES NO
IPV6 IPV4 IPV6 YES YES
IPV6 IPV6 IPV6 YES NO
** ASA Must have IPV4 Interface Address to support LB Inter-Device Communication **** Client must have dual stack for combinations where assigned IP type is different from outer IP **
ICMP error validation – This feature allows the administrator to enable validation of specific ICMP error messages before they are forwarded. The error validation will ensure that the ICMP errors are in response to a previously transmitted packet and not part of an attack.
Fragmentation policy per tunnel – This feature allows the DF bit policy (copy, clear, or set) to be set for individual tunnels. This setting was only available at the interface level previously.
Dummy packet generation for Traffic Flow Confidentiality (TFC) – This feature allows the administrator to inject dummy packets into the IPsec packet stream. These packets can be used to prevent traffic analysis of the IPsec data.
PMTU Aging – This feature allows the administrator to control the effective time of PMTU updates. In the current releases, a PMTU update will last for the remaining life of the IPsec tunnel. This option provides a timeout for the PMTU updates.
Ask The Experts Event (with Namit Agarwal and Rahul Govindan)
If you have additional questions, you can ask Haseeb and Chris. They will be answering from October 22 – November 1, 2013https://supportforums.cisco.com/thread/2246756 You can watch the video or read the Q&A 5 business days after the event athttps://supportforums.cisco.com/community/netpro/ask-the-expert/webcasts
A. In 1997, Cisco first released Adaptive Security Appliance
B. In 1997, Cisco Systems, Inc. announced the industry’s first enterprise-wide security initiative which was just the start of things to come in the enterprise security space for Cisco including Cisco Adaptive Security Appliance, VPN, Firewalls and the current ASA 9x.
C. In 1997, Cisco earned a patent for the Adaptive Security Appliance
What does the year 1997, Security and Cisco all have in common?
Tuesday, November 5, 201310:00 a.m. JST Tokyo (Monday, November 4, 5 p.m. PDT San Francisco)
Join Cisco Expert:
Ryota Takao
During this live event, the expert Ryota Takao will focus on the behavior of Cisco IO Router memory and buffers, introducing the troubleshooting methods of log checkpoints, cautions, and case studies.
Wednesday, November 6, 201311:00 a.m. Brasilia City
1:00 p.m. WEST Lisbon
5:00 a.m. San Francisco
8:00 a.m. New York City
Join Expert:
Top Contributor Bruno Rangel of Capgemini Brazil
During this live event, expert Bruno Rangel of Capgemini Brazil will cover important topics such as call control for Cisco TelePresence, media resources, network requirements for Cisco TelePresence, and Cisco TelePresence Management Suite (TMS).
Tuesday, November 12, 2013 9:00 a.m. PDT San Francisco
12:00 p.m. EDT New York
5:00 p.m. BST London
6:00 p.m. CEST Paris
Join Expert:
Vinayak Sudame
During this live event, expert Vinayak Sudame will cover important caveats and best practices for the Cisco Nexus switches, including configuring and troubleshooting Cisco Nexus 5000 and 6000 Series switches as well as Fibre Channel over Ethernet (FCoE). Additionally, Vinayak will provide best practices for working with the Technical Assistance Center (TAC).
During this live event, expert Irina llyina-Sidorova will cover a typical ISE installation process – in the case of a multi-node deployment. Irina will also cover HW and network infrastructure requirements.
Global community members can collaborate with colleagues and other support professionals with easy, on-the-go access to the community’s breadth of technical resources in their local language.
With the latest version of the mobile app, you can now access the Spanish, Portuguese, Japanese and Russians communities.
A. In 1997, Cisco first released Adaptive Security Appliance
B. In 1997, Cisco Systems, Inc. announced the industry’s first enterprise-wide security initiative which was just the start of things to come in the enterprise security space for Cisco including Cisco Adaptive Security Appliance, VPN, Firewalls and the current ASA 9x.
C. In 1997, Cisco earned a patent for the Adaptive Security Appliance
What does the year 1997, Security and Cisco all have in common?