1-14
Cisco ASA Series CLI Configuration Guide
Chapter 1 Introduction to the Cisco ASA
New Features
Remote Access VPN support for IPv6:
IPv6 Address Assignment Policy
You can configure the ASA to assign an IPv4 address, an IPv6 address, or both
an IPv4 and an IPv6 address to an AnyConnect client by creating internal pools
of addresses on the ASA or by assigning a dedicated address to a local user on
the ASA.
The endpoint must have the dual-stack protocol implemented in its operating
system to be assigned both types of addresses.
Assigning an IPv6 address to the client is supported for the SSL protocol. This
feature is not supported for the IKEv2/IPsec protocol.
We introduced the following commands: ipv6-vpn-addr-assign,
vpn-framed-ipv6-address.
We modified the following screens:
Configuration > Remote Access VPN > Network (Client) Access > Address
Assignment > Assignment Policy
Configuration > Remote Access VPN > AAA/Local Users > Local Users >
(Edit local user account) > VPN Policy
Remote Access VPN support for IPv6:
Assigning DNS Servers with IPv6 Addresses
to group policies
DNS servers can be defined in a Network (Client) Access internal group policy
on the ASA. You can specify up to four DNS server addresses including up to
two IPv4 addresses and up to two IPv6 addresses.
DNS servers with IPv6 addresses can be reached by VPN clients when they are
configured to use the SSL protocol. This feature is not supported for clients
configured to use the IKEv2/IPsec protocol.
We modified the following command: dns-server value.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Servers.
Remote Access VPN support for IPv6:
Split tunneling
Split tunneling enables you to route some network traffic through the VPN
tunnel (encrypted) and to route other network traffic outside the VPN tunnel
(unencrypted or “in the clear”). You can now perform split tunneling on IPv6
network traffic by defining an IPv6 policy which specifies a unified access
control rule.
IPv6 split tunneling is reported with the telemetric data sent by the Smart Call
Home feature. If either IPv4 or IPv6 split tunneling is enabled, Smart Call
Home reports split tunneling as “enabled.” For telemetric data, the VPN
session database displays the IPv6 data typically reported with session
management.
You can include or exclude IPv6 traffic from the VPN “tunnel” for VPN clients
configured to use the SSL protocol. This feature is not supported for the
IKEv2/IPsec protocol.
We introduced the following command: ipv6-split-tunnel-policy.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Advanced
> Split Tunneling.
Table 1-5 New Features for ASA Version 9.0(1)/ASDM Version 7.0(1) (continued)
Feature Description
To Next Page
Loading...
Need help?
General
