Introduction
ASA 9.0 has now been published on CCO and available for
dowload.
As every release it contains lots of new and long awaited
features.
This blog entry is going to give an overview of what's
available in VPN technologies.
Features like trustsec, scansafe integration, routing in
multi-context mode (and many others) will not be discussed here.
Please note that this document is intended as a summary
only - for deatils of support and configuration please check release notes
and configuration guide.
Configuration guide:
New features:
Full release notes:
About 9.0
9.0 release (code name Arsenal) is first release to support
all currently available ASA hardware - ASA, ASA CX, ASA SM, etc
General VPN new features
- NSA's Suite-B cryptographic support.
Complicate with NSA'a Next Generation Encryption Suite.
- Custom Policy attributes:
Ability for ASA to deliver attributes to endpoints that are
custom/new - i.e these attributes are opaque to ASA and handed to client(s).
New IPsec VPN features
Here's a brief look at the most important IPsec-related
feature:
- Static LAN-to-LAN support in multi-conext mode.
This long awaited feature allows you to create LAN to LAN
tunnel in security context, no support for remote access at this point.
- IPsec tunnel establishment with Anyconnect 3.1 client using IPv6, note that with IKEv2 there's a limitation for IPv6 inner traffic.
New SSL VPN features
Here's a brief summarry for SSL VPN features.
Clientless
New features specific to Clientless SSLVPN access:
- HTML5 rewriter support
before 9.0 ASA's rewriter engine didn't support HTML5 tags,
this is finally changed.
- Auto signon enahcements
ASA will come with built in SSO templates and POST form
capturing tool to allow troubleshooting & deployment.
- Citrix reciver module
This feature provides secure remote access for Citrix
Receiver application running on mobile devices to XenApp/XenDesktop VDI servers
through ASA, eliminating the need for Citrix Access Gateway.
- IPv6 clientless access
Ability to access clientless VPN portal over IPv6
- Server certificate verification
Previously ASA didn't fully verify server certificate when
it was connecting to server on behalf of clientless user. This feature allows
this to be more configurable.
- Microsoft Sharepoint 2010 support natively.
- Extended browser and operating system support.
Anyconnect client
New features specific to SSL client access:
- SSLVPN tunnel establishment with Anyconnect 3.1 using IPv6, including IPv6 attributes (assigned IPv6 address, DNS server etc)
No comments:
Post a Comment