Guest

Cisco Adaptive Security Device Manager

Release Notes for Cisco ASDM, 7.3(x)

  • Viewing Options

  • PDF (389.8 KB)
  • Feedback

Table of Contents

Release Notes for Cisco ASDM, Version 7.3(x)

Important Notes

System Requirements

ASDM Client Operating System and Browser Requirements

Java and Browser Compatibility

Install an Identity Certificate for ASDM

Increase the ASDM Configuration Memory

Increase the ASDM Configuration Memory in Windows (ASDM 7.3(2) and Later)

Increase the ASDM Configuration Memory in Windows (ASDM 7.3(1))

Increase the ASDM Configuration Memory in Mac OS

ASA and ASDM Compatibility

VPN Compatibility

New Features

New Features in ASA 9.3(2.200)/ASDM 7.3(2)

New Features in ASA 9.3(2)/ASDM 7.3(2)

New Features in ASA 9.2(3)/ASDM 7.3(1.101)

New Features in ASA 9.3(1)/ASDM 7.3(1)

Upgrading the Software

Open Bugs

Open Bugs in 7.3(2)

Open Bugs in 7.3(1.101)

Open Bugs in 7.3(1)

Resolved Bugs

Resolved Bugs in 7.3(2)

Resolved Bugs in 7.3(1.101)

Resolved Bugs in 7.3(1)

End-User License Agreement

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco ASDM, Version 7.3(x)

Released: July 24, 2014

Updated: December 18, 2014

 

This document contains release information for Cisco ASDM Version 7.3(x) for the Cisco ASA series.

Important Notes

  • Windows NT AAA server was deprecated—In ASA Version 9.3, the Windows NT AAA server is no longer supported.
  • IPS Module management—For the IPS module, ASDM 7.1(6) and later are not compatible with IPS 7.3(2) and earlier—To manage an IPS module on an ASA, you must connect to the IPS IP address directly through your browser.
  • Default color scheme for ASDM in Windows—In 7.3(2) and later, the default color scheme for ASDM now defaults to not use the Office look and feel. To change the color scheme back, choose View > Office Look and Feel.

System Requirements

ASDM Client Operating System and Browser Requirements

The following table lists the supported and recommended client operating systems and Java for ASDM.

 

Table 1 Operating System and Browser Requirements

Operating System
Browser
Java SE Plug-in
Internet Explorer
Firefox
Safari
Chrome

Microsoft Windows (English and Japanese):

  • 8
  • 7
  • Server 2008
  • Server 2012

Yes

Yes

No support

Yes

7.0 or later

Apple OS X 10.4 and later

No support

Yes

Yes

Yes (64-bit version only)

7.0 or later

Red Hat Enterprise Linux 5 (GNOME or KDE):

  • Desktop
  • Desktop with Workstation

N/A

Yes

N/A

Yes

7.0 or later

Java and Browser Compatibility

The following table lists compatibility caveats for Java, ASDM, and browser compatibility.

 

Table 2 Java Caveats for ASDM Compatibility

Java Version
Conditions
Notes

7 update 51

ASDM Launcher requires trusted certificate

To continue using the Launcher, do one of the following:

  • Upgrade to Java 8 or downgrade Java to 7 update 45 or earlier.
  • Install a trusted certificate on the ASA from a known CA.
  • Install a self-signed certificate and register it with Java. See http://www.cisco.com/go/asdm-certificate.
  • Alternatively use Java Web Start.

Note ASDM 7.1(5) and earlier are not supported with Java 7 update 51. If you already upgraded Java, and can no longer launch ASDM in order to upgrade it to Version 7.2 or later, then you can either use the CLI to upgrade ASDM, or you can add a security exception in the Java Control Panel for each ASA you want to manage with ASDM. See the “Workaround” section at:

http://java.com/en/download/help/java_blocked.xml

After adding the security exception, launch the older ASDM and then upgrade to 7.2 or later.

In rare cases, online help does not load when using Java Web Start

In rare cases, when launching online help, the browser window loads, but the content fails to appear. The browser reports an error: “Unable to connect”.

Workaround:

  • Use the ASDM Launcher

Or:

  • Clear the -Djava.net.preferIPv6Addresses=true parameter in Java Runtime Parameters:

a. Launch the Java Control Panel.

b. Click the Java tab.

c. Click View.

d. Clear this parameter: -Djava.net.preferIPv6Addresses=true

e. Click OK, then Apply, then OK again.

7 update 45

ASDM shows a yellow warning about the missing Permissions attribute when using an untrusted certificate

Due to a bug in Java, if you do not have a trusted certificate installed on the ASA, you see a yellow warning about a missing Permissions attribute in the JAR manifest. It is safe to ignore this warning ; ASDM 7.2 and later includes the Permissions attribute. To prevent the warning from appearing, install a trusted certificate (from a known CA); or generate a self-signed certificate on the ASA by choosing Configuration > Device Management > Certificates > Identity Certificates. Launch ASDM, and when the certificate warning is shown, check the Always trust connections to websites check box.

7

Requires strong encryption license (3DES/AES) on ASA

ASDM requires an SSL connection to the ASA. You can request a 3DES license from Cisco:

1. Go to www.cisco.com/go/license.

2. Click Continue to Product License Registration.

3. In the Licensing Portal, click Get Other Licenses next to the text field.

4. Choose IPS, Crypto, Other... from the drop-down list.

5. Type ASA in to the Search by Keyword field.

6. Select Cisco ASA 3DES/AES License in the Product list, and click Next.

7. Enter the serial number of the ASA, and follow the prompts to request a 3DES/AES license for the ASA.

All

  • Self-signed certificate or an untrusted certificate
  • IPv6
  • Firefox and Safari

When the ASA uses a self-signed certificate or an untrusted certificate, Firefox and Safari are unable to add security exceptions when browsing using HTTPS over IPv6. See https://bugzilla.mozilla.org/show_bug.cgi?id=633001. This caveat affects all SSL connections originating from Firefox or Safari to the ASA (including ASDM connections). To avoid this caveat, configure a proper certificate for the ASA that is issued by a trusted certificate authority.

  • SSL encryption on the ASA must include both RC4-MD5 and RC4-SHA1 or disable SSL false start in Chrome.
  • Chrome

If you change the SSL encryption on the ASA to exclude both RC4-MD5 and RC4-SHA1 algorithms (these algorithms are enabled by default), then Chrome cannot launch ASDM due to the Chrome “SSL false start” feature. We suggest re-enabling one of these algorithms (see the Configuration > Device Management > Advanced > SSL Settings pane); or you can disable SSL false start in Chrome using the --disable-ssl-false-start flag according to http://www.chromium.org/developers/how-tos/run-chromium-with-flags.

IE9 for servers

For Internet Explorer 9.0 for servers, the “Do not save encrypted pages to disk” option is enabled by default (See Tools > Internet Options > Advanced). This option causes the initial ASDM download to fail. Be sure to disable this option to allow ASDM to download.

OS X

On OS X, you may be prompted to install Java the first time you run ASDM; follow the prompts as necessary. ASDM will launch after the installation completes.

All

OS X 10.8 and later

You need to allow ASDM to run because it is not signed with an Apple Developer ID. If you do not change your security preferences, you see an error screen.

 

1. To allow ASDM to run, right-click (or Ctrl-Click) the Cisco ASDM-IDM Launcher icon, and choose Open.

 

2. You see a similar error screen; however, you can open ASDM from this screen. Click Open. The ASDM-IDM Launcher opens.

 

Install an Identity Certificate for ASDM

When using Java 7 update 51 and later, the ASDM Launcher requires a trusted certificate. An easy approach to fulfill the certificate requirements is to install a self-signed identity certificate. You can use Java Web Start to launch ASDM until you install a certificate.

See the following document to install a self-signed identity certificate on the ASA for use with ASDM, and to register the certificate with Java.

http://www.cisco.com/go/asdm-certificate

Increase the ASDM Configuration Memory

ASDM supports a maximum configuration size of 512 KB. If you exceed this amount you may experience performance issues. For example, when you load the configuration, the status dialog box shows the percentage of the configuration that is complete, yet with large configurations it stops incrementing and appears to suspend operation, even though ASDM might still be processing the configuration. If this situation occurs, we recommend that you consider increasing the ASDM system heap memory.

Increase the ASDM Configuration Memory in Windows (ASDM 7.3(2) and Later)

To increase the ASDM heap memory size, edit the run.bat file by performing the following procedure.

Procedure


Step 1 Go to the ASDM installation directory, for example C:\Program Files (x86)\Cisco Systems\ASDM.

Step 2 Edit the run.bat file with any text editor.

Step 3 In the line that starts with “start javaw.exe”, change the argument prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768M for 768 MB or -Xmx1G for 1 GB.

Step 4 Save the run.bat file.


 

Increase the ASDM Configuration Memory in Windows (ASDM 7.3(1))

To increase the ASDM heap memory size, modify the launcher shortcut by performing the following procedure.

Procedure


Step 1 Right-click the shortcut for the ASDM-IDM Launcher, and choose Properties.

Step 2 Click the Shortcut tab.

Step 3 In the Target field, change the argument prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768M for 768 MB or -Xmx1G for 1 GB.

 


 

Increase the ASDM Configuration Memory in Mac OS

To increase the ASDM heap memory size, edit the Info.plist file by performing the following procedure.

Procedure


Step 1 Right-click the Cisco ASDM-IDM icon, and choose Show Package Contents.

Step 2 In the Contents folder, double-click the Info.plist file. If you have Developer tools installed, it opens in the Property List Editor. Otherwise, it opens in TextEdit.

Step 3 Under Java > VMOptions, change the string prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768M for 768 MB or -Xmx1G for 1 GB.

 

Step 4 If this file is locked, you see an error such as the following:

 

Step 5 Click Unlock and save the file.

If you do not see the Unlock dialog box, exit the editor, right-click the Cisco ASDM-IDM icon, choose Copy Cisco ASDM-IDM, and paste it to a location where you have write permissions, such as the Desktop. Then change the heap size from this copy.


 

ASA and ASDM Compatibility

For information about ASA/ASDM requirements and compatibility, see Cisco ASA Compatibility :

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

VPN Compatibility

For VPN compatibility, see the Supported VPN Platforms, Cisco ASA 5500 Series :

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html

New Features

New Features in ASA 9.3(2.200)/ASDM 7.3(2)

Released: December 18, 2014

The following table lists the new features for ASA Version 9.3(2.200)/ASDM Version 7.3(2).


Note This release supports only the ASAv.


 

Table 3 New Features for ASA Version 9.3(2.200)/ASDM Version 7.3(2)

Feature
Description
Platform Features

ASAv with KVM and Virtio

You can deploy the ASAv using the Kernel-based Virtual Machine (KVM) and the Virtio virtual interface driver.

New Features in ASA 9.3(2)/ASDM 7.3(2)

Released: December 18, 2014

The following table lists the new features for ASA Version 9.3(2)/ASDM Version 7.3(2).

 

Table 4 New Features for ASA Version 9.3(2)/ASDM Version 7.3(2)

Feature
Description
Platform Features

ASA 5506-X

We introduced the ASA 5506-X.

 

ASA REST API 1.0.1

A REST API was added to support configuring and managing major functions of the ASA.

 

Support for ASA image signing and verification

ASA images are now signed using a digital signature. The digital signature is verified after the ASA is booted.

This feature is not supported in ASDM.

Accelerated security path load balancing

The accelerated security path (ASP) load balancing mechanism reduces packet drop and improves throughput by allowing multiple cores of the CPU to receive packets from an interface receive ring and work on them independently.

We introduced the following screen: Configuration > Device Management > Advanced > ASP Load Balancing

Firewall Features

Configuration session for editing ACLs and objects.

Forward referencing of objects and ACLs in access rules.

You can now edit ACLs and objects in an isolated configuration session. You can also forward reference objects and ACLs, that is, configure rules and access groups for objects or ACLs that do not yet exist.

This feature is not supported in ASDM.

SIP support for Trust Verification Services, NAT66, CUCM 10.5, and model 8831 phones.

You can now configure Trust Verification Services servers in SIP inspection. You can also use NAT66. SIP inspection has been tested with CUCM 10.5.

We introduced the following screen: Configuration > Firewall > Objects > Inspection Maps > SIP > Add/Edit SIP Inspect Map > Details > TVS Server

Unified Communications support for CUCM 10.5

SIP and SCCP inspections were tested and verified with Cisco Unified Communications Manager 10.5.

Remote Access Features

Browser support for Citrix VDI

We now support an HTML 5-based browser solution for accessing the Citrix VDI, without requiring the Citrix Receiver client on the desktop.

Clientless SSL VPN for Mac OSX 10.9

We now support Clientless SSL VPN features such as the rewriter, smart tunnels, and plugins on all browsers that are supported on Mac OSX 10.9.

Interoperability with standards-based, third-party, IKEv2 remote access clients

We now support VPN connectivity via standards-based, third-party, IKEv2 remote-access clients (in addition to AnyConnect). Authentication support includes preshared keys, certificates, and user authentication via the Extensible Authentication Protocol (EAP).

We introduced or modified the following screens:

Wizards > IPsec IKEv2 Remote Access Wizard.
Configuration > Remote Access VPN > Network (Client) Access > IPsec (IKEv2) Connection Profiles
Configuration > Remote Access VPN > Network (Client) Access > IPsec (IKEv2) Connection Profiles > Add/Edit > Advanced > IPsec
Monitoring > VPN > VPN Statistics > Sessions

Transport Layer Security (TLS) version 1.2 support

We now support TLS version 1.2 for secure message transmission for ASDM, Clientless SSVPN, and AnyConnect VPN.

We modified the following screens:

Configuration > Device Management > Advanced > SSL Settings
Configuration > Remote Access VPN > Advanced > SSL Settings

AnyConnect 4.0 support for TLS version 1.2

AnyConnect 4.0 now supports TLS version 1.2 with the following four additional cipher suites: DHE-RSA-AES256-SHA256, DHE-RSA-AES128-SHA256, AES256-SHA256, and AES128-SHA256.

Licensing Features

Cisco Smart Software Licensing for the ASAv

Smart Software Licensing lets you purchase and manage a pool of licenses. Unlike PAK licenses, smart licenses are not tied to a specific serial number. You can easily deploy or retire ASAvs without having to manage each unit’s license key. Smart Software Licensing also lets you see your license usage and needs at a glance.

We introduced or modified the following screens:

Configuration > Device Management > Licensing > Smart License
Configuration > Device Management > Smart Call-Home
Monitoring > Properties > Smart License

High Availability Features

Lock configuration changes on the standby unit or standby context in a failover pair

You can now lock configuration changes on the standby unit (Active/Standby failover) or the standby context (Active/Active failover) so you cannot make changes on the standby unit outside normal configuration syncing.

 

We modified the following screen: Configuration > Device Management > High Availability and Scalability > Failover > Setup

ASA clustering inter-site deployment in transparent mode with the ASA cluster firewalling between inside networks

You can now deploy a cluster in transparent mode between inside networks and the gateway router at each site (AKA East-West insertion), and extend the inside VLANs between sites. We recommend using Overlay Transport Virtualization (OTV), but you can use any method that ensures that the overlapping MAC Addresses and IP addresses of the gateway router do not leak between sites. Use a First Hop Redundancy Protocol (FHRP) such as HSRP to provide the same virtual MAC and IP addresses to the gateway routers.

Interface Features

Traffic Zones

You can group interfaces together into a traffic zone to accomplish traffic load balancing (using Equal Cost Multi-Path (ECMP) routing), route redundancy, and asymmetric routing across multiple interfaces.

Note You cannot apply a security policy to a named zone; the security policy is interface-based. When interfaces in a zone are configured with the same access rule, NAT, and service policy, then load-balancing and asymmetric routing operate correctly.

We introduced or modified the following screens:

Configuration > Device Setup > Interface Parameters > Zones
Configuration > Device Setup > Interface Parameters > Interfaces

Routing Features

BGP support for IPv6

We added support for IPv6.

We introduced the following screen: Configuration > Device Setup > Routing > BGP > IPv6 Family

Monitoring Features

SNMP MIBs and traps

The CISCO-PRODUCTS-MIB and CISCO-ENTITY-VENDORTYPE-OID-MIB have been updated to support the new ASA 5506-X.

The ASA 5506-X have been added as new products to the SNMP sysObjectID OID and entPhysicalVendorType OID.

The ASA now supports the CISCO-CONFIG-MAN-MIB, which enables you to do the following:

  • Know which commands have been entered for a specific configuration.
  • Notify the NMS when a change has occurred in the running configuration.
  • Track the time stamps associated with the last time that the running configuration was changed or saved.
  • Track other changes to commands, such as terminal details and command sources.

We modified the following screen: Configuration > Device Management > Management Access > SNMP > Configure Traps > SNMP Trap Configuration

Showing route summary information for troubleshooting

The show route-summary command output has been added to the show tech-support detail command.

Management Features

System backup and restore

We now support complete system backup and restoration using the CLI.

We did not modify any screens. This functionality is already available in ASDM.

New Features in ASA 9.2(3)/ASDM 7.3(1.101)

Released: December 15, 2014

Table 5 lists the new features for ASA Version 9.2(3)/ASDM Version 7.3(1.101).

 

Table 5 New Features for ASA Version 9.2(3)/ASDM Version 7.3(1.101)

Feature
Description
Remote Access Features

Clientless SSL VPN session cookie access restriction

You can now prevent a Clientless SSL VPN session cookie from being accessed by a third party through a client-side script such as Javascript.

Note Use this feature only if Cisco TAC advises you to do so. Enabling this command presents a security risk because the following Clientless SSL VPN features will not work without any warning.

  • Java plug-ins
  • Java rewriter
  • Port forwarding
  • File browser
  • Sharepoint features that require desktop applications (for example, MS Office applications)
  • AnyConnect Web launch
  • Citrix Receiver, XenDesktop, and Xenon
  • Other non-browser-based and browser plugin-based applications

We introduced the following screen: Configuration > Remote Access VPN > Clientless SSL VPN Access > Advanced > HTTP Cookie

New Features in ASA 9.3(1)/ASDM 7.3(1)

Released: July 24, 2014

Table 6 lists the new features for ASA Version 9.3(1)/ASDM Version 7.3(1).

 

Table 6 New Features for ASA Version 9.3(1)/ASDM Version 7.3(1)

Feature
Description
Firewall Features

SIP, SCCP, and TLS Proxy support for IPv6

You can now inspect IPv6 traffic when using SIP, SCCP, and TLS Proxy (using SIP or SCCP).

We did not modify any ASDM screens.

Support for Cisco Unified Communications Manager 8.6

The ASA now interoperates with Cisco Unified Communications Manager Version 8.6 (including SCCPv21 support).

We did not modify any ASDM screens.

Transactional Commit Model on rule engine for access groups and NAT

When enabled, a rule update is applied after the rule compilation is completed; without affecting the rule matching performance.

We introduced the following screen: Configuration > Device Management > Advanced > Rule Engine

Remote Access Features

XenDesktop 7 Support for clientless SSL VPN

We added support for XenDesktop 7 to clientless SSL VPN. When creating a bookmark with auto sign-on, you can now specify a landing page URL or a Control ID.

We modified the following screen: Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Bookmarks

AnyConnect Custom Attribute Enhancements

Custom attributes define and configure AnyConnect features that have not been incorporated into the ASA, such as Deferred Upgrade. Custom attribute configuration has been enhanced to allow multiple values and longer values, and now requires a specification of their type, name and value. They can now be added to Dynamic Access Policies as well as Group Policies. Previously defined custom attributes will be updated to this enhanced configuration format upon upgrade to 9.3.x.

We introduced or modified the following screens:

Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attributes
Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attribute Names
Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add/Edit > Advanced > AnyConnect Client > Custom Attributes
Configuration > Remote Access VPN > Network (Client) Access > Dynamic Access Policies > Add/Edit > AnyConnect Custom Attributes

AnyConnect Identity Extensions (ACIDex) for Desktop Platforms

ACIDex, also known as AnyConnect Endpoint Attributes or Mobile Posture, is the method used by the AnyConnect VPN client to communicate posture information to the ASA. Dynamic Access Polices use these endpoint attributes to authorize users.

The AnyConnect VPN client now provides Platform identification for the desktop operating systems (Windows, Mac OS X, and Linux) and a pool of MAC Addresses which can be used by DAPs.

We modified the following screen: Configuration > Remote Access VPN > Dynamic Access Policies > Add/Edit > Add/Edit (endpoint attribute), select AnyConnect for the Endpoint Attribute Type. Additional operating systems are in the Platform drop-down list and MAC Address has changed to Mac Address Pool.

TrustSec SGT Assignment for VPN

TrustSec Security Group Tags (SGT) can now be added to the SGT-IP table on the ASA when a remote user connects.

We introduced or modified the following screens:

Configuration > Remote Access VPN > AAA/Local Users > Local Users > Edit User > VPN Policy
Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add a Policy

High Availability Features

Improved support for monitoring module health in clustering

We added improved support for monitoring module health in clustering.

We did not modify any ASDM screens.

Disable health monitoring of a hardware module

By default, the ASA monitors the health of an installed hardware module such as the ASA FirePOWER module. If you do not want a hardware module failure to trigger failover, you can disable module monitoring.

 

We modified the following screen: Configuration > Device Management > High Availability and Scalability > Failover > Interfaces

Platform Features

ASP Load Balancing

The new auto option in the asp load-balance per-packet command enables the ASA to adaptively switch ASP load balancing per-packet on and off on each interface receive ring. This automatic mechanism detects whether or not asymmetric traffic has been introduced and helps avoid the following issues:

  • Overruns caused by sporadic traffic spikes on flows
  • Overruns caused by bulk flows oversubscribing specific interface receive rings
  • Overruns caused by relatively heavily overloaded interface receive rings, in which a single core cannot sustain the load

We did not modify any ASDM screens.

SNMP MIBs

The CISCO-REMOTE-ACCESS-MONITOR-MIB now supports the ASA SM.

Interface Features

Transparent mode bridge group maximum increased to 250

The bridge group maximum was increased from 8 to 250 bridge groups. You can configure up to 250 bridge groups in single mode or per context in multiple mode, with 4 interfaces maximum per bridge group.

We modified the following screens:

Configuration > Device Setup > Interfaces
Configuration > Device Setup > Interfaces > Add/Edit Bridge Group Interface
Configuration > Device Setup > Interfaces > Add/Edit Interface

Routing Features

BGP support for ASA clustering

We added support for BGP with ASA clustering.

We modified the following screen: Configuration > Device Setup > Routing > BGP > IPv4 Family > General

BGP support for nonstop forwarding

We added support for BGP Nonstop Forwarding.

We modified the following screens:

Configuration > Device Setup > Routing > BGP > General
Configuration > Device Setup > Routing > BGP > IPv4 Family > Neighbor
Monitoring > Routing > BGP Neighbors

BGP support for advertised maps

We added support for BGPv4 advertised map.

We modified the following screen: Configuration > Device Setup > Routing > BGP > IPv4 Family > Neighbor > Add BGP Neighbor > Routes

OSPF Support for Non-Stop Forwarding (NSF)

OSPFv2 and OSPFv3 support for NSF was added.

We added the following screens:

Configuration > Device Setup > Routing > OSPF > Setup > NSF Properties
Configuration > Device Setup > Routing > OSPFv3 > Setup > NSF Properties

AAA Features

Layer 2 Security Group Tag Imposition

You can now use security group tagging combined with Ethernet tagging to enforce policies. SGT plus Ethernet Tagging, also called Layer 2 SGT Imposition, enables the ASA to send and receive security group tags on Gigabit Ethernet interfaces using Cisco proprietary Ethernet framing (Ether Type 0x8909), which allows the insertion of source security group tags into plain-text Ethernet frames.

We modified the following screens:

Configuration > Device Setup > Interfaces > Add Interface > Advanced
Configuration > Device Setup > Interfaces > Add Redundant Interface > Advanced
Configuration > Device Setup > Add Ethernet Interface > Advanced
Wizards > Packet Capture Wizard
Tools > Packet Tracer

Removal of AAA Windows NT domain authentication

We removed NTLM support for remote access VPN users.

We modified the following screen: Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups > Add AAA Server Group

ASDM Identity Certificate Wizard

When using the current Java version, the ASDM Launcher requires a trusted certificate. An easy approach to fulfill the certificate requirements is to install a self-signed identity certificate. The ASDM Identity Certificate Wizard makes creating a self-signed identity certificate easy. When you first launch ASDM and do not have a trusted certificate, you are prompted to launch ASDM with Java Web Start; this new wizard starts automatically. After creating the identity certificate, you need to register it with the Java Control Panel. See https://www.cisco.com/go/asdm-certificate for instructions.

We added the following screen: Wizards > ASDM Identity Certificate Wizard

Monitoring Features

Monitoring Aggregated Traffic for Physical Interfaces

The show traffic command output has been updated to include aggregated traffic for physical interfaces information. To enable this feature, you must first enter the sysopt traffic detailed-statistics command.

Open Bugs

Open Bugs in 7.3(2)

Table 7 contains open bugs in ASDM software Version 7.3(2).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 7 Open Bugs in ASDM Version 7.3(2)

Bug
Description

CSCur29821

ASDM becomes unresponsive after some time

CSCur60489

ASDM Identity Certificate Wizard error due to usage-keys

CSCus05440

ASDM: Unableto display correct NAT Rules using specific object name

Open Bugs in 7.3(1.101)

Table 8 contains open bugs in ASDM software Version 7.3(1.101).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 8 Open Bugs in ASDM Version 7.3(1.101)

Bug
Description

CSCup69456

Command to negate ACL remarks not sent from ASDM

CSCup82758

ASDM sorting VPNs freezes up at 97%

Open Bugs in 7.3(1)

Table 9 contains open bugs in ASDM software Version 7.3(1).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 9 Open Bugs in ASDM Version 7.3(1)

Bug
Description

CSCup69456

Command to negate ACL remarks not sent from ASDM

CSCup82758

ASDM sorting VPNs freezes up at 97%

Resolved Bugs

Resolved Bugs in 7.3(2)

Table 12 contains the resolved bugs in ASDM software Version 7.3(2).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 10 Resolved Bugs in ASDM Version 7.3(2)

Bug
Description

CSCuo97033

ASDM nat- ASDM changes interface to object if obj. with such name exists

CSCup33692

Unable to add PUBLIC SERVER through ASDM

CSCup37140

ASDM 7.2(1) hangs up at 90%: "Populating GUI modules"

CSCup82758

ASDM sorting VPNs freezes up at 97%

CSCuq10801

ASA - User with privilege level less than 15 cannot login to ASDM

CSCuq24052

EIGRP neighbors not showing in ASDM after upgrade to 7.1.6

CSCuq40844

Packet tracer doesn't work for ASDM version 7.3(1)

CSCuq41877

ASDM should check for dependencies when deleting host from Public Server

CSCuq53503

ASDM 7.3.1 loading process gets stuck at 15% or 17%

CSCuq54818

ASDM 7.3.1 goes unresponsive after 2 minutes with Poller exception

CSCuq87483

ASDM 7.3(1): Unable to configure a Web type ACL with URL containing '/'

CSCur27774

Unable to create User Identity domain from ASDM

CSCur33996

ASDM Launcher doesn't work after upgrading to Java 8

CSCur41682

ASDM real time logs freezes after removing filter by "show all" button

CSCur49880

ASDM: TLS - SSLv3 keywords deprecated

Resolved Bugs in 7.3(1.101)

Table 12 contains the resolved bugs in ASDM software Version 7.3(1.101).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 11 Resolved Bugs in ASDM Version 7.3(1.101)

Bug
Description

CSCuq40844

Packet tracer doesn't work for ASDM version 7.3(1)

CSCuq54818

ASDM 7.3.1 goes unresponsive after 2 minutes with Poller exception

Resolved Bugs in 7.3(1)

Table 12 contains the resolved bugs in ASDM software Version 7.3(1).

Registered Cisco.com users can view more information about each bug by using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 12 Resolved Bugs in ASDM Version 7.3(1)

Bug
Description

CSCul79308

Enh:  ASDM knob to export user-identity inactive/active/all user file

CSCum23202

Webvpn customisation editor should error out when it fails

CSCum24568

ASDM not responding properly if "anyconnect profile none" is configured

CSCum57517

ASDM launcher is not working with Java 7u51

CSCun78199

ASDM unable to add subinterfaces

CSCuo10523

ASDM 7.1 - Trustsec support is not enabled for ASA-SM in ASDM

CSCuo55691

ASDM 7.1.6 RSA key generation fail (command syntax error)

CSCuo62386

ASDM 7.1.6: No DNS Configuration warnings on managing GP through CP

CSCuo64879

ASDM apply button does not work when adding anyconnect xml profile

CSCuo71581

ASDM re-enables ikev1 if you switch from basic to the advanced config.

CSCuo80011

"Enable auto-generation of MAC addresses..." checkbox missing in ASDM

CSCuo89106

ASDM does not show empty object group in object-group section

CSCup26608

ASDM logs out vpn sessions when trying to cancel operation

End-User License Agreement

For information on the end-user license agreement, go to:

http://www.cisco.com/go/warranty

Related Documentation

For additional information on the ASA, see Navigating the Cisco ASA Series Documentation :

http://www.cisco.com/go/asadocs

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.