Table of Contents
- Neither the ASA 1000V nor VSG supports non-ASCII characters. To support localization, all components (that is, Cisco VNMC, Cisco VSG, and ASA 1000V) must meet this requirement.
- The ASA 1000V and Cisco VNMC require that the VMware vCenter installation, including keyboard and password or shared key settings, be set to American English.
- You can use only one management mode (either VNMC or ASDM) on the ASA 1000V. They are mutually exclusive, and you need to decide on the mode before installation. If you want to switch management modes, you must reinstall the ASA 1000V.
- ASDM is used to monitor traffic on the ASA 1000V in both VNMC and ASDM modes.
- Routes through the management interface can only be configured using the CLI in VNMC mode.
ASDM supports a maximum configuration size of 512 KB. If you exceed this amount, you may experience performance issues. For example, when you load the configuration, the status dialog box shows the percentage of the configuration that is complete, yet with large configurations it stops incrementing and appears to suspend operation, even though ASDM might still be processing the configuration. If this situation occurs, we recommend that you consider increasing the ASDM system heap memory.Step 1 Right-click the shortcut for the ASDM-IDM Launcher, and choose Properties .
Step 3 In the Target field, change the argument prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768m for 768 MB or -Xmx1g for 1 GB. For more information about this parameter, see the Oracle document at the following URL: http://docs.oracle.com/javase/1.5.0/docs/tooldocs/windows/java.html
Table 1 lists the supported and recommended client operating systems and Java for ASDM.
6.0 or later 1
1.ASDM requires an SSL connection from the browser to the ASA 1000V. By default, Internet Explorer on Windows Vista and later and Firefox on all operating systems do not support base encryption (DES) for SSL, and therefore require the ASA 1000V to have a strong encryption (3DES/AES) license. For Windows Internet Explorer, you can enable DES as a workaround. See http://support.microsoft.com/kb/929708 for details. For Firefox on any operating system, you can enable the security.ssl3.dhe_dss_des_sha setting as a workaround. See http://kb.mozillazine.org/About:config to learn how to change hidden configuration preferences.
2.If you change the SSL encryption on the ASA to exclude both RC4-MD5 and RC4-SHA1 algorithms (these algorithms are enabled by default), then Chrome cannot launch ASDM due to the Chrome “SSL false start” feature. We suggest re-enabling one of these algorithms (see the Configuration > Device Management > Advanced > SSL Settings pane); or you can disable SSL false start in Chrome wusing the --disable-ssl-false-start flag according to http://www.chromium.org/developers/how-tos/run-chromium-with-flags.
Table 2 lists information about the ASA 1000V and ASDM compatibility.
Table 3 lists the new features for ASA Version 8.7(1.1)/ASDM Version 6.7(1).
We recommend that you upgrade the ASDM image before the ASA image. You must upgrade the ASA by copying files through the ASA CLI. You must use the 6.7(1) version of the ASDM image; you cannot use another older version of the ASDM image with the ASA.
Step 1 Back up your existing configuration. For example, choose File > Show Running Configuration in New Window to open the configuration as an HTML page. You can also use one of the File > Save Running Configuration options.
ASDM supports almost all commands available for the adaptive ASA, but ASDM ignores some commands in an existing configuration. Most of these commands can remain in your configuration; see Tools > Show Commands Ignored by ASDM on Device for more information.
- Ignored and View-Only Commands
- Effects of Unsupported Commands
- Discontinuous Subnet Masks Not Supported
- Interactive User Commands Not Supported by the ASDM CLI Tool
Table 4 lists commands that ASDM supports in the configuration when added through the CLI, but that cannot be added or edited in ASDM. If ASDM ignores the command, it does not appear in the ASDM GUI at all. If the command is view-only, then it appears in the GUI, but you cannot edit it.
If ASDM loads an existing running configuration and finds other unsupported commands, ASDM operation is unaffected. To view the unsupported commands, choose Tools > Show Commands Ignored by ASDM on Device .
The ASDM CLI tool does not support interactive user commands. If you enter a CLI command that requires interactive confirmation, ASDM prompts you to enter “[yes/no]” but does not recognize your input. ASDM then times out waiting for your response.
The ASA 1000V is licensed per each CPU socket that it is protecting. The Cisco Nexus 1000V switch provisions and enforces licenses for the ASA 1000V. Licenses are installed on the Virtual Supervisor Module (VSM) in the Cisco Nexus 1000V switch.
For more information, see the most recent version of the Cisco Nexus 1000V License Configuration Guidelines document at the following URL: http://www.cisco.com/en/US/products/ps9902/products_licensing_information_listing.html
- Cisco Nexus 1000V
- Cisco VNMC and Cisco VSG
- ASA 1000V
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.