Release Notes for the Cisco ASA 5500 Series, Version 8.4(x)
New Features in Version 8.4(7)
New Features in Version 8.4(6)
New Features in Version 8.4(5)
New Features in Version 8.4(4.5)
New Features in Version 8.4(4.1)
New Features in Version 8.4(3)
New Features in Version 8.4(2.8)
New Features in Version 8.4(2)
New Features in Version 8.4(1.11)
New Features in Version 8.4(1)
Resolved Caveats in Version 8.4(7)
Resolved Caveats in Version 8.4(6)
Resolved Caveats in Version 8.4(5)
Resolved Caveats in Version 8.4(4.1)
Resolved Caveats in Version 8.4(3)
Resolved Caveats in Version 8.4(2)
Resolved Caveats in Version 8.4(1)
Obtaining Documentation and Submitting a Service Request
This document contains release information for Cisco ASA 5500 software Version 8.4(1) through 8.4(7).
– Microsoft Outlook Web Access
– Microsoft Internet Information Services
Note In 8.3 and earlier, as an unsupported configuration, you could configure a management interface without an IP address, and you could access the interface using the device management address. In 8.4, the device management address is assigned to the BVI, and the management interface is no longer accessible using that IP address; the management interface requires its own IP address.
While you may see this additional text, there is no functional impact to the ASA operation; you can ignore the additional text. The test build provides additional information that can be used by engineers to pinpoint hardware problems during the manufacturing process. Unfortunately, there is no field-upgradeable resolution to eliminate this message that does not require replacing the hardware.
Hardware with a serial number that falls within the following ranges could be impacted by this cosmetic issue. Note that not all serial numbers within these ranges are impacted.
– JAF1450xxxx – JAF1516xxxx (for ASA-SSP-20-K8= only)
Hardware with the following Product IDs for the preceding serial numbers could be impacted by this cosmetic issue:
Workaround: When using Cisco Prime Network to monitor ASA 5585s, the network operator must manually clear a power supply fault condition within the EMS.
You can alter this command to make it PAT-pool only by removing object1; the PAT pool is used as the primary method, instead of as a fallback method:
Note For the ASA 5540 and ASA 5550 using SSL VPN, in specific load conditions, you may want to continue to use software processing for large keys. If VPN sessions are added very slowly and the ASA runs at capacity, then the negative impact to data throughput is larger than the positive impact for session establishment.
The ASA 5580/5585-X platforms already integrate this capability; therefore, crypto engine commands are not applicable on these platforms.
Table 1 lists information about ASDM, module, and VPN compatibility with the ASA 5500 series.
For information about ASDM requirements, see Cisco ASA Compatibility : http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html |
|
For the latest OS and browser test results, see the Supported VPN Platforms, Cisco ASA 5500 Series : http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html |
|
For information about module application requirements, see Cisco ASA Compatibility : http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html |
This section includes the following topics:
Note New, changed, and deprecated syslog messages are listed in the syslog message guide.
Note Version 8.4(4) and 8.4(4.3) were removed from Cisco.com due to build issues; please upgrade to a later version.
Table 2 lists the new features for ASA Version 8.4(6).
Table 3 lists the new features for ASA Version 8.4(5).
Table 4 lists the new features forASA interim Version 8.4(4.5).
Note Version 8.4(4.3) was removed from Cisco.com due to build issues; please upgrade to Version 8.4(4.5) or later.
Note We recommend that you upgrade to a Cisco.com-posted interim release only if you have a specific problem that it resolves. If you decide to run an interim release in a production environment, keep in mind that only targeted testing is performed on interim releases. Interim releases are fully supported by Cisco TAC and will remain on the download site only until the next maintenance release is available. If you choose to run an interim release, we strongly encourage you to upgrade to a fully-tested maintenance or feature release when it becomes available. We will document interim release features at the time of the next maintenance or feature release. For a list of resolved caveats for each interim release, see the interim release notes available on the Cisco.com software download site.
Table 5 lists the new features for ASA Version 8.4(4.1).
Note Version 8.4(4) was removed from Cisco.com due to build issues; please upgrade to Version 8.4(4.1) or later.
Table 6 lists the new features for ASA Version 8.4(3).
Table 7 lists the new features for ASA interim Version 8.4(2.8).
Note We recommend that you upgrade to a Cisco.com-posted ASA interim release only if you have a specific problem that it resolves. If you decide to run an interim release in a production environment, keep in mind that only targeted testing is performed on interim releases. Interim releases are fully supported by Cisco TAC and will usually remain on the download site only until the next maintenance release is available. If you choose to run an interim release, we strongly encourage you to upgrade to a fully-tested maintenance or feature release when it becomes available.
We will document interim release features at the time of the next maintenance or feature release. For a list of resolved caveats for each ASA interim release, see the interim release notes available on the Cisco.com software download site.
Table 8 lists the new features for ASA Version 8.4(2).
Table 9 lists the new features forASA interim Version 8.4(1.11).
Note We recommend that you upgrade to a Cisco.com-posted interim release only if you have a specific problem that it resolves. If you decide to run an interim release in a production environment, keep in mind that only targeted testing is performed on interim releases. Interim releases are fully supported by Cisco TAC and will remain on the download site only until the next maintenance release is available. If you choose to run an interim release, we strongly encourage you to upgrade to a fully-tested maintenance or feature release when it becomes available. We will document interim release features at the time of the next maintenance or feature release. For a list of resolved caveats for each interim release, see the interim release notes available on the Cisco.com software download site.
Table 10 lists the new features for ASA Version 8.4(1).
See the following table for the upgrade path for your version.
Note There are no special requirements for Zero Downtime Upgrades for failover other than to upgrade to 8.4(5) or 8.4(7) instead of 8.4(6). Due to CSCug88962, you cannot perform a hitless upgrade to 8.4(6).
For detailed steps about upgrading, see the 8.4 upgrade guide.
Table 11 contains open caveats in the latest maintenance release.
If you are running an older release, and you need to determine the open caveats for your release, then add the caveats in these sections to the resolved caveats from later releases. For example, if you are running Version 8.4(1), then you need to add the caveats in this section to the resolved caveats from 8.4(2) and later to determine the complete list of open caveats.
If you are a registered Cisco.com user, view more information about each caveat using the Bug Search at the following website:
https://tools.cisco.com/bugsearch
This section includes the following topics:
Note For a list of resolved caveats for each ASA interim release, see the interim release notes available on the Cisco.com software download site.
Table 12 contains resolved caveats in ASA software Version 8.4(7).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Search at the following website:
https://tools.cisco.com/bugsearch
Table 13 contains resolved caveats in ASA software Version 8.4(6).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Search at the following website:
https://tools.cisco.com/bugsearch
Table 14 contains resolved caveats in ASA software Version 8.4(5).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
http://tools.cisco.com/Support/BugToolkit/
Table 15 contains resolved caveats in ASA software Version 8.4(4.1).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
http://tools.cisco.com/Support/BugToolkit/
Note Version 8.4(4) was removed from Cisco.com due to build issues; please upgrade to Version 8.4(4.1) or later.
Table 16 contains resolved caveats in ASA software Version 8.4(3).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
http://tools.cisco.com/Support/BugToolkit/
Table 17 contains resolved caveats in ASA software Version 8.4(2).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
http://tools.cisco.com/Support/BugToolkit/
Table 18 contains resolved caveats in ASA software Version 8.4(1).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
http://tools.cisco.com/Support/BugToolkit/
For information on the end-user license agreement, go to:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
For additional information on the ASA, see Navigating the Cisco ASA Series Documentation :
http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.