Cisco ASA Series Cli Configuration Manual page 78
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
New Features
Table 1-5
New Features for ASA Version 9.0(1)/ASDM Version 7.0(1) (continued)
Feature
Remote Access VPN support for IPv6:
ASA VPN Load Balancing
Remote Access VPN support for IPv6:
Dynamic Access Policies support IPv6
attributes
Remote Access VPN support for IPv6:
Session Management
Cisco ASA Series CLI Configuration Guide
1-16
Description
Clients with IPv6 addresses can make AnyConnect connections through the
public-facing IPv6 address of the ASA cluster or through a GSS server.
Likewise, clients with IPv6 addresses can make AnyConnect VPN connections
through the public-facing IPv4 address of the ASA cluster or through a GSS
server. Either type of connection can be load-balanced within the ASA cluster.
For clients with IPv6 addresses to successfully connect to the ASAs
public-facing IPv4 address, a device that can perform network address
translation from IPv6 to IPv4 needs to be in the network.
This feature can be used by clients configured to use the SSL or IKEv2/IPsec
protocol.
We modified the following commands: show run vpn load-balancing.
We modified the following screen: Configuration > Remote Access VPN >
Load Balancing.
When using ASA 9.0 or later with ASDM 6.8 or later, you can now specify
these attributes as part of a dynamic access policy (DAP):
•
IPv6 addresses as a Cisco AAA attribute
•
IPv6 TCP and UDP ports as part of a Device endpoint attribute
•
Network ACL Filters (client)
This feature can be used by clients configured to use the SSL or IKEv2/IPsec
protocol.
We modified the following screens:
Configuration > Remote Access VPN > Network (Client) Access > Dynamic
Access Policies > Add > Cisco AAA attribute
Configuration > Remote Access VPN > Network (Client) Access > Dynamic
Access Policies > Add > Device > Add Endpoint Attribute
Configuration > Remote Access VPN > Network (Client) Access > Dynamic
Access Policies > Network ACL Filters (client)
Configuration > Remote Access VPN > Network (Client) Access > Dynamic
Access Policies > Webtype ACL Filters (clientless)
Session management output displays the IPv6 addresses in Public/Assigned
address fields for AnyConnect connections, site-to-site VPN connections, and
Clientless SSL VPN connections. You can add new filter keywords to support
filtering the output to show only IPv6 (outside or inside) connections. No
changes to IPv6 User Filters exist.
This feature can be used by clients configured to use the SSL protocol. This
feature does not support IKEv2/IPsec protocol.
We modified the following command: show vpn-sessiondb.
We modified these screen: Monitoring > VPN > VPN Statistics > Sessions.
Chapter 1
Introduction to the Cisco ASA
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
