1-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance
New Features
Use of Real IP addresses in
access lists instead of
translated addresses
When using NAT, mapped addresses are no longer required in an access list for many features.
You should always use the real, untranslated addresses when configuring these features. Using
the real address means that if the NAT configuration changes, you do not need to change the
access lists.
The following features that use access lists now use real IP addresses. These features are
automatically migrated to use real IP addresses when you upgrade to 8.3, unless otherwise
noted.
• Access rules
• Service policy rules
• Botnet Traffic Filter
• AAA rules
• WCCP redirect.
Note WCCP is not automatically migrated when you upgrade to 8.3.
Threat Detection
Enhancements
You can now customize the number of rate intervals for which advanced statistics are collected.
The default number of rates was changed from 3 to 1. For basic statistics, advanced statistics,
and scanning threat detection, the memory usage was improved.
The following screen was modified: Configuration > Firewall > Threat Detection.
Unified Communication Features
SCCP v19 support The IP phone support in the Cisco Phone Proxy feature was enhanced to include support for
version 19 of the SCCP protocol on the list of supported IP phones.
Cisco Intercompany Media
Engine Proxy
Cisco Intercompany Media Engine (UC-IME) enables companies to interconnect on-demand,
over the Internet with advanced features made available by VoIP technologies. Cisco
Intercompany Media Engine allows for business-to-business federation between Cisco Unified
Communications Manager clusters in different enterprises by utilizing peer-to-peer, security,
and SIP protocols to create dynamic SIP trunks between businesses. A collection of enterprises
work together to end up looking like one large business with inter-cluster trunks between them.
The following screens were modified or introduced:
Wizards > Unified Communications Wizard > Cisco Intercompany Media Engine Proxy
Configuration > Firewall > Unified Communications, and then click UC-IME Proxy
Configuration > Firewall > Service Policy Rules > Add/Edit Service Policy Rule > Rule
Actions > Select SIP Inspection Map
SIP Inspection Support for
IME
SIP inspection has been enhance to support the new Cisco Intercompany Media Engine
(UC-IME) Proxy.
The following screen was modified: Configuration > Firewall > Service Policy Rules >
Add/Edit Service Policy Rule > Rule Actions > Select SIP Inspection Map.
Table 1-4 New Features for ASDM Version 6.3(1)/ASA Version 8.3(1) (Unless Otherwise Noted) (continued)
Feature Description
To Next Page
Loading...
Need help?
General
