Release Notes for the Cisco ASA 5. Series, 8. 2xTable of Contents. Release Notes for the Cisco ASA 5. Figure0024.png' alt='Cannot Connect To Citrix Xenapp Server Software Caused Connection Abort' title='Cannot Connect To Citrix Xenapp Server Software Caused Connection Abort' />CrossPlatform Release Notes for Cisco IOS Release 12. T, Part 6 Caveats for 12. T1 through 12. 422T4. Series, Version 8. Important Notes. Limitations and Restrictions. Gmail is email thats intuitive, efficient, and useful. GB of storage, less spam, and mobile access. Note For the ASA 5540 and ASA 5550 using SSL VPN, in specific load conditions, you may want to continue to use software processing for large keys. Argent Wins Best Network Monitoring Product1poc. Your Free Argent Proof Of Concept. Upgrading the Software. Downloading Software from Cisco. Upgrading Between Major Releases. Upgrading the Phone Proxy and MTA Instance. Activation Key Compatibility When Upgrading. System Requirements. Memory Requirements. Standard DRAM and Internal Flash Memory. Memory Upgrade Kits. Viewing Flash Memory. DRAM, Flash Memory, and Failover. ASDM, Module, and VPN Compatibility. New Features. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. New Features in Version 8. Open Caveats. Resolved Caveats. Resolved Caveats in Version 8. Resolved Caveats in Version 8. Resolved Caveats in Version 8. Resolved Caveats in Version 8. Related Documentation. Obtaining Documentation and Submitting a Service Request. Release Notes for the Cisco ASA 5. Series, Version 8. Released May 8, 2. Updated July 1. 2, 2. This document contains release information for Cisco ASA 5. Versions 8. 21 through 8. This document includes the following sections Important Notes. Cisco ASA Clientless SSL VPN Portal Customization Integrity VulnerabilityMultiple vulnerabilities have been fixed for clientless SSL VPN in ASA software, so you should upgrade your software to a fixed version. See http tools. Cisco. Cooking Academy 3 Download Iwin Manager. Security. Advisorycisco sa 2. ASA versions. Also, if you ever ran an earlier ASA version that had a vulnerable configuration, then regardless of the version you are currently running, you should verify that the portal customization was not compromised. If an attacker compromised a customization object in the past, then the compromised object stays persistent after you upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited further, but it will not modify any customization objects that were already compromised and are still present on the system. The Advanced Inspection and Prevention Security Services Card AIP SSC can take up to 2. This initialization process must complete before configuration changes can be made to the sensor. Attempts to modify and save configuration changes before the initialization completes will result in an error. See the Upgrading the Software section for downgrade issues after you upgrade the Phone Proxy and MTA instance, or if you upgrade the activation key with new 8. For detailed information and FAQs about feature licenses, including shared licenses and temporary licenses, see Managing Feature Licenses for Cisco ASA 5. Version 8. 2 at http www. USdocssecurityasaasa. When using Clientless SSL VPN Post SSO parameters for the Citrix Web interface bookmark, Single Sign On SSO works, but the Citrix portal is missing the Reconnect and Disconnect buttons. Only the Log Off button appears. When not using SSO over Clientless, all three buttons show up correctly. Workaround Use the Cisco HTTP POST plug in to provide SSO and correct Citrix portal behavior. On the ASA 5. 51. Version 8. 2 uses more base memory than previous releases. This might cause problems for some ASA 5. If your current show memory command output displays less than 2. ASA 5. 51. 0 from 2. MB to 1 GB before proceeding with the Version 8. See the Memory Requirements section. On the ASA 5. 58. Version 8. 2 shows increased CPU usage under stressed conditions than Version 8. Connection ProfileTunnel Group terminology in CLI vs. ASDMThe ASA tunnel groups define the initial connection parameters and attributes such as AAA, client address assignment, and connection aliasgroup url for a remote access VPN session. In the CLI, they are referred to as tunnel groups, whereas in ASDM they are referred to as Connection Profiles. A VPN policy is an aggregation of Connection Profile, Group Policy, and Dynamic Access Policy authorization attributes. Cosmetic startup message issue on the ASA 5. XCisco manufacturing recently discovered a process error that resulted in loading a test build of BIOS firmware on many early shipments of the ASA 5. X. On the affected units, more text than usual displays on the console during startup before reaching the rommon prompt. Included in the extra output is the following message banner CISCO SYSTEMS Spyker Build, TEST build not for Customer Release Embedded BIOS Version 2. While you may see this additional text, there is no functional impact to the ASA operation you can ignore the additional text. The test build provides additional information that can be used by engineers to pinpoint hardware problems during the manufacturing process. Unfortunately, there is no field upgradeable resolution to eliminate this message that does not require replacing the hardware. Hardware with a serial number that falls within the following ranges could be impacted by this cosmetic issue. Note that not all serial numbers within these ranges are impacted. JMX1. JMX1. 52. 0xxxx JAF1. JAF1. 51. 6xxxx for ASA SSP 2. K8 onlyHardware with the following Product IDs for the above serial numbers could be impacted by this cosmetic issue ASA5. S2. 0 K8 ASA5. S2. K9 ASA5. 58. S2. 0P2. K8 ASA5. S2. 0P2. K9 ASA5. S2. 0P2. XK9 ASA5. S2. 0X K9 ASA SSP 2. K8Only 4 GB of memory is available in ASA 8. ASA 5. 58. 0 and 5. X platforms. All available memory in multi core platforms ASA 5. X in ASA 8. 25 are also available in ASA 8. To take advantage of the enhanced capability, you should upgrade your devices to the ASA 8. Limitations and Restrictions. The SSL SHA 2 digital signature capability for authentication of Any. Connect SSL VPN sessions Versions 2. ASA Version 8. 2. The feature was introduced in ASA interim Version 8. Stateful Failover with Phone ProxyWhen using Stateful Failover with phone proxy, information is not passed to the standby unit when the active unit goes down, the call fails, media stops flowing, and the call must be re established. No. NET over Clientless sessionsClientless sessions do not support. NET framework applications CSCsv. The ASA does not support phone proxy and CIPC for remote access. The AIP SSC 5 does not support virtualization, unretiring default retired signatures, creating custom signatures, adding signatures, cloning signatures, or anomaly detection. The ASA cannot fully support domain based DFS. To support this, the ASA would need to join the Active Directory and query the Active Directory server for DFS referral. Instead the ASA sends the DFS referral to the DNS servers configured for the users. Since the AD server is the DNS server in most cases, the majority of customer configurations are covered. ASA 5. ASA 5. 52. ASA 5. ASA 5. 55. We strongly recommend that you enable hardware processing using the crypto engine large mod accel command instead of software for large modulus operations such as 2. DH5 keys. If you continue to use software processing for large keys, you could experience significant performance degradation due to slow session establishment for IPsec and SSL VPN connections. We recommend that you initially enable hardware processing during a low use or maintenance period to minimize a temporary packet loss that can occur during the transition of processing from software to hardware. Note For the ASA 5. ASA 5. 55. 0 using SSL VPN, in specific load conditions, you may want to continue to use software processing for large keys. If VPN sessions are added very slowly and the ASA runs at capacity, then the negative impact to data throughput is larger than the positive impact for session establishment. The ASA 5. 58. 05. X platforms already integrate this capability therefore, crypto engine commands are not applicable on these platforms. Only users with a privilege level of 1. ASA using the the secure copy protocol SCP. Upgrading the Software.