Table Of Contents
Cisco ASA 5500 Series Release Notes Version 7.0(7)
This document includes the following sections:
The Cisco ASA 5500 series adaptive security appliance delivers unprecedented levels of defense against threats to the network with deeper web inspection and flow specific analysis, improved secure connectivity through end-point security posture validation and voice and video over VPN support. It also provides enhanced support for intelligent information networks through improved network integration, resiliency, and scalability. This release introduces significant enhancements to all major functional areas, including: firewalling and inspection services, VPN services, network integration, high-availability services, and management/monitoring.
For more information on all the new features, see the "New Features" section.
Additionally, the Cisco ASA 5500 series adaptive security appliance software supports Adaptive Security Device Manager. ASDM is a browser-based, Java applet used to configure and monitor the software on the security appliances. ASDM is loaded from the adaptive security appliance, then used to configure, monitor, and manage the device.
The sections that follow list the system requirements for operating a Cisco ASA 5500 series adaptive security appliance. This section includes the following topics:
Table 1 lists the DRAM memory requirements for the Cisco ASA 5500 series adaptive security appliance.
Table 1 DRAM Memory Requirements
ASA Model DRAM Memory
All Cisco ASA 5500 series adaptive security appliances require a minimum of 64 MB of internal CompactFlash.
Determining the Software Version
Use the show version command to verify the software version of your Cisco ASA 5500 series adaptive security appliance.
Upgrading to a New Software Release
If you have a Cisco.com login, you can obtain software from the following website:
New FeaturesReleased: July 9, 2007
Table 2 lists the new features for ASA and PIX Version 7.0(7)/ASDM Version 5.0(7).
This section lists important notes related to Version 7.0(7).
Common Criteria EAL4+
For information on common criteria EAL4+, see the Installation and Configuration for Common Criteria EAL4 Evaluated Cisco Adaptive Security Appliance, Version 7.0(6) document.
The Cisco ASA 5500 series adaptive security appliance is on the FIPS 140-2 Pre-Validation List.
Hostname and Domain Name Limitation
When using ASDM, the hostname and domain names combined should not be more than 63 characters long. If the hostname and domain names combined is more than 63 characters, you will get an error message.
WebVPN ACLS and DNS Hostname
When a deny webtype URL ACL (DNS-based) is defined, but the DNS-based URL is not reachable, a "DNS Error" popup is displayed on the browser. The ACL hitcounter is also not incremented.
If the URL ACL is defined by an IP instead of DNS name, then the traffic flow hitting the ACL will be recorded in the hitcounter and a "Connection Error" is displayed on the browser.
Proxy Server and ASA
If WebVPN is configured to use an HTTP(S)-proxy server to service all requests for browsing HTTP and/or HTTPS sites, the client/browser may expect the following behavior:
1. If the ASA cannot communicate with the HTTPS or HTTPS proxy server, a "connection error" is displayed on the client browser.
2. If the HTTP(S) proxy cannot resolve or reach the requested URL, it should send an appropriate error to the ASA, which in turn will display it to the client browser.
Only when the HTTP(S) proxy server notifies the ASA of the inaccessible URL, can the ASA notify the error to the client browser.
The PFS setting on the VPN client and the adaptive security appliance must match.
ACS Radius Authorization Server
When certificate authentication is used in conjuction with Radius authorization, the ACS server sends a bogus Group=CISCOACS:0003b9c6/5a940131/username and is displayed in the vpn-session database.
Readme Document for the Conduits and Outbound List Conversion Tool 1.2
The Cisco ASA 5500 series adaptive security appliance Outbound/Conduit Conversion tool assists in converting configurations with outbound or conduit commands to similar configurations using ACLs. ACL-based configurations provide uniformity and leverage the powerful ACL feature set. ACL based configurations provide the following benefit:
•ACE Insertion capability - System configuration and management is greatly simplified by the ACE insertion capability that allows users to add, delete or modify individual ACEs.
User Upgrade Guide
For a list of deprecated features, and user upgrade information, go to the following URL:
Features not Supported in Version 7.0
The following features are not supported in Version 7.0(7):
•L2TP over IPSec
For information on MIB Support, go to: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Downgrade to Previous Version
To downgrade to a previous version of the operating system software (software image), use the downgrade command in privileged EXEC mode. For more information and a complete description of the command syntax, see the Cisco Security Appliance Command Reference.
The following sections describe the caveats for the Version 7.0(7).
For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
•Commands are in boldface type.
•Product names and acronyms may be standardized.
•Spelling errors and typos may be corrected.
Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
To become a registered cisco.com user, go to the following website:
Open Caveats - Version 7.0(7)
Table 3 lists the open caveats for Version 7.0(7).
Resolved Caveats - Version 7.0(7)
Table 4 lists the resolved caveats for Version 7.0(7).
For additional information on the Cisco ASA 5500 series adaptive security appliance, see the following URL on Cisco.com: http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
© 2007 Cisco Systems, Inc.
All rights reserved.