Cisco ASA 5505 Configuration Manual page 71

Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance
Table 1-4 New Features for ASDM Version 6.3(1)/ASA Version 8.3(1) (Unless Otherwise Noted) (continued)
Feature
Usability Improvements for
Remote Access VPN
Firewall Features
Interface-Independent
Access Policies
Network and Service
Objects
Object-group Expansion
Rule Reduction
NAT Simplification
OL-20339-01
Description
ASDM provides a step-by-step guide to configuring Clientless SSL VPN, AnyConnect SSL
VPN Remote Access, or IPsec Remote Access using the ASDM Assistant. The ASDM
Assistant is more comprehensive than the VPN wizards, which are designed only to get you up
and running.
The following screen was modified: Configuration > Remote Access VPN > Introduction >
ASDM Assistant.
You can now configure access rules that are applied globally, as well as access rules that are
applied to an interface. If the configuration specifies both a global access policy and
interface-specific access policies, the interface-specific policies are evaluated before the global
policy.
The following screen was modified: Configuration > Firewall > Access Rules.
You can now create named network objects that you can use in place of a host, a subnet, or a
range of IP addresses in your configuration and named service objects that you can use in place
of a protocol and port in your configuration. You can then change the object definition in one
place, without having to change any other part of your configuration. This release introduces
support for network and service objects in the following features:
NAT
•
Access rules
•
Network object groups
•
Note ASDM used network objects internally in previous releases; this feature introduces
platform support for network objects.
The following screens were modified or introduced:
Configuration > Firewall > Objects > Network Objects/Groups, Configuration > Firewall >
Objects > Service Objects/Groups
Configuration > Firewall > NAT Rules, Configuration > Firewall > Access Rules
Significantly reduces the network object-group expansion while maintaining a satisfactory
level of packet classification performance.
The following screen was modified: Configuration > Firewall > Access Rules > Advanced.
The NAT configuration was completely redesigned to allow greater flexibility and ease of use.
You can now configure NAT using auto NAT, where you configure NAT as part of the attributes
of a network object, and manual NAT, where you can configure more advanced NAT options.
The following screens were modified or introduced:
Configuration > Firewall > Objects > Network Objects/Group
Configuration > Firewall > NAT Rules
Cisco ASA 5500 Series Configuration Guide using ASDM
New Features
1-9