Table Of Contents
Release Notes for Cisco ASDM, Version 6.7(x)
Updated: October 16, 2012Released: August 20, 2012
This document contains release information for Cisco ASDM Version 6.7(1) for the Cisco ASA 1000V and includes the following sections:
Complete Solution Installation
•Neither the ASA 1000V nor VSG supports non-ASCII characters. To support localization, all components (that is, Cisco VNMC, Cisco VSG, and ASA 1000V) must meet this requirement.
•The ASA 1000V and Cisco VNMC require that the VMware vCenter installation, including keyboard and password or shared key settings, be set to American English.
ASA 1000V Installation
•You can use only one management mode (either VNMC or ASDM) on the ASA 1000V. They are mutually exclusive, and you need to decide on the mode before installation. If you want to switch management modes, you must reinstall the ASA 1000V.
•ASDM is used to monitor traffic on the ASA 1000V in both VNMC and ASDM modes.
•Routes through the management interface can only be configured using the CLI in VNMC mode.
Maximum Configuration Size
ASDM supports a maximum configuration size of 512 KB. If you exceed this amount, you may experience performance issues. For example, when you load the configuration, the status dialog box shows the percentage of the configuration that is complete, yet with large configurations it stops incrementing and appears to suspend operation, even though ASDM might still be processing the configuration. If this situation occurs, we recommend that you consider increasing the ASDM system heap memory.
To increase the ASDM system heap memory size, modify the launcher shortcut by performing the following steps:
Step 1 Right-click the shortcut for the ASDM-IDM Launcher, and choose Properties.
Step 2 Choose the Shortcut tab.
Step 3 In the Target field, change the argument prefixed with "-Xmx" to specify your desired heap size. For example, change it to -Xmx768m for 768 MB or -Xmx1g for 1 GB. For more information about this parameter, see the Oracle document at the following URL: http://docs.oracle.com/javase/1.5.0/docs/tooldocs/windows/java.html
ASDM Client Operating System and Browser Requirements
Table 1 lists the supported and recommended client operating systems and Java for ASDM.
Table 1 Operating System and Browser Requirements
Operating System Browser Sun Java SE Plug-in Internet Explorer Firefox 1 Safari Chrome 2
Microsoft Windows (English and Japanese):
6.0 or later1
1.5 or later
18.0 or later
Apple Macintosh OS X:
1.5 or later
2.0 or later
18.0 or later
Red Hat Enterprise Linux 5 (GNOME or KDE):
•Desktop with Workstation
1.5 or later
18.0 or later
1 ASDM requires an SSL connection from the browser to the ASA 1000V. By default, Internet Explorer on Windows Vista and later and Firefox on all operating systems do not support base encryption (DES) for SSL, and therefore require the ASA 1000V to have a strong encryption (3DES/AES) license. For Windows Internet Explorer, you can enable DES as a workaround. See http://support.microsoft.com/kb/929708 for details. For Firefox on any operating system, you can enable the security.ssl3.dhe_dss_des_sha setting as a workaround. See http://kb.mozillazine.org/About:config to learn how to change hidden configuration preferences.
2 If you change the SSL encryption on the ASA to exclude both RC4-MD5 and RC4-SHA1 algorithms (these algorithms are enabled by default), then Chrome cannot launch ASDM due to the Chrome "SSL false start" feature. We suggest re-enabling one of these algorithms (see the Configuration > Device Management > Advanced > SSL Settings pane); or you can disable SSL false start in Chrome wusing the --disable-ssl-false-start flag according to http://www.chromium.org/developers/how-tos/run-chromium-with-flags.
3 You may be prompted to install Java the first time you run ASDM; follow the prompts as necessary. ASDM will launch after the installation completes.
ASA 1000V and ASDM Compatibility
Table 2 lists information about the ASA 1000V and ASDM compatibility.
Table 2 ASA 1000V and ASDM Compatibility
ASA Version 8.7(1.1) requires ASDM Version 6.7(1).
For information about ASDM requirements for other releases, see Cisco ASA Compatibility, at:
Note New, changed, and deprecated syslog messages are listed in the syslog messages guide.
Released: October 16, 2012
Table 3 lists the new features for ASA Version 8.7(1.1)/ASDM Version 6.7(1).
Note Version 8.7(1) was removed from Cisco.com due to build issues; please upgrade to Version 8.7(1.1) or later.
Upgrading the ASAand ASDM Software
This section describes how to upgrade to the latest version and includes the following topics:
For CLI procedures, see the ASA release notes.
Viewing Your Current Version
The software version appears on the ASDM home page; view the home page to verify the software version of your ASA.
Upgrading the ASA and ASDM Images
This section describes how to install the ASDM and ASA images.
We recommend that you upgrade the ASDM image before the ASA image. You must upgrade the ASA by copying files through the ASA CLI. You must use the 6.7(1) version of the ASDM image; you cannot use another older version of the ASDM image with the ASA.
Note The VNMC does not support ASA image upgrade.
Upgrading Using ASDM 6.7(1)
Step 1 Back up your existing configuration. For example, choose File > Show Running Configuration in New Window to open the configuration as an HTML page. You can also use one of the File > Save Running Configuration options.
Step 2 Choose Tools > Check for ASA/ASDM Updates.
The Cisco.com Authentication dialog box appears.
Step 3 Enter your assigned Cisco.com username and the Cisco.com password, and then click Login.
The Cisco.com Upgrade Wizard appears.
Step 4 Complete the upgrade wizard.
Step 5 For the upgrade versions to take effect, check the Save configuration and reload device now check box to restart the ASA, and then restart the ASDM.
Step 6 Click Finish to exit the wizard and save the configuration changes that you have made.
ASDM supports almost all commands available for the adaptive ASA, but ASDM ignores some commands in an existing configuration. Most of these commands can remain in your configuration; see Tools > Show Commands Ignored by ASDM on Device for more information.
This section includes the following topics:
Ignored and View-Only Commands
Table 4 lists commands that ASDM supports in the configuration when added through the CLI, but that cannot be added or edited in ASDM. If ASDM ignores the command, it does not appear in the ASDM GUI at all. If the command is view-only, then it appears in the GUI, but you cannot edit it.
Effects of Unsupported Commands
If ASDM loads an existing running configuration and finds other unsupported commands, ASDM operation is unaffected. To view the unsupported commands, choose Tools > Show Commands Ignored by ASDM on Device.
Discontinuous Subnet Masks Not Supported
ASDM does not support discontinuous subnet masks such as 255.255.0.255. For example, you cannot use the following:ip address inside 192.168.2.1 255.255.0.255
Interactive User Commands Not Supported by the ASDM CLI Tool
The ASDM CLI tool does not support interactive user commands. If you enter a CLI command that requires interactive confirmation, ASDM prompts you to enter "[yes/no]" but does not recognize your input. ASDM then times out waiting for your response.
1. Choose Tools > Command Line Interface.
2. Enter the crypto key generate rsa command.
ASDM generates the default 1024-bit RSA key.
3. Enter the crypto key generate rsa command again.
Instead of regenerating the RSA keys by overwriting the previous one, ASDM displays the following error:Do you really want to replace them? [yes/no]:WARNING: You already have RSA ke0000000000000$A keyInput line must be less than 16 characters in length.%Please answer 'yes' or 'no'.Do you really want to replace them [yes/no]:%ERROR: Timed out waiting for a response.ERROR: Failed to create new RSA keys names <Default-RSA-key>
•You can configure most commands that require user interaction by means of the ASDM panes.
•For CLI commands that have a noconfirm option, use this option when entering the CLI command. For example:crypto key generate rsa noconfirm
There are no open caveats in the ASDM 6.7(1) release.
Licensing for the ASA 1000V
The ASA 1000V is licensed per each CPU socket that it is protecting. The Cisco Nexus 1000V switch provisions and enforces licenses for the ASA 1000V. Licenses are installed on the Virtual Supervisor Module (VSM) in the Cisco Nexus 1000V switch.
For more information, see the most recent version of the Cisco Nexus 1000V License Configuration Guidelines document at the following URL: http://www.cisco.com/en/US/products/ps9902/products_licensing_information_listing.html
For more information about the individual components that comprise the ASA 1000V, see the following documentation:
•Cisco Nexus 1000V
•Cisco VNMC and Cisco VSG
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
©2012 Cisco Systems, Inc. All rights reserved.