Cisco ASA Series Cli Configuration Manual page 77
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Introduction to the Cisco ASA
Table 1-5
New Features for ASA Version 9.0(1)/ASDM Version 7.0(1) (continued)
Feature
Remote Access VPN support for IPv6:
AnyConnect Client Firewall Rules
Remote Access VPN support for IPv6:
Client Protocol Bypass
Remote Access VPN support for IPv6:
IPv6 Interface ID and prefix
Remote Access VPN support for IPv6:
Sending ASA FQDN to AnyConnect client
Description
Access control rules for client firewalls support access list entries for both IPv4
and IPv6 addresses.
ACLs containing IPv6 addresses can be applied to clients configured to use the
SSL protocol. This feature is not supported for the IKEv2/IPsec protocol.
We modified the following command: anyconnect firewall-rule.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Advanced
> AnyConnect Client > Client Firewall.
The Client Protocol Bypass feature allows you to configure how the ASA
manages IPv4 traffic when it is expecting only IPv6 traffic or how it manages
IPv6 traffic when it is expecting only IPv4 traffic.
When the AnyConnect client makes a VPN connection to the ASA, the ASA
could assign it an IPv4, IPv6, or both an IPv4 and IPv6 address. If the ASA
assigns the AnyConnect connection only an IPv4 address or only an IPv6
address, you can now configure the Client Bypass Protocol to drop network
traffic for which the ASA did not assign an IP address, or allow that traffic to
bypass the ASA and be sent from the client unencrypted or "in the clear."
For example, assume that the ASA assigns only an IPv4 address to an
AnyConnect connection and the endpoint is dual stacked. When the endpoint
attempts to reach an IPv6 address, if Client Bypass Protocol is disabled, the
IPv6 traffic is dropped; however, if Client Bypass Protocol is enabled, the IPv6
traffic is sent from the client in the clear.
This feature can be used by clients configured to use the SSL or IKEv2/IPsec
protocol.
We introduced the following command: client-bypass-protocol.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Group Policy) Advanced >
AnyConnect Client > Client Bypass Protocol.
You can now specify a dedicated IPv6 address for local VPN users.
This feature benefits users configured to use the SSL protocol. This feature is
not supported for the IKEv2/IPsec protocol.
We introduced the following command: vpn-framed-ipv6-address.
We modified the following screen: Configuration > Remote Access VPN >
AAA/Local Users > Local Users > (Edit User) > VPN Policy.
You can return the FQDN of the ASA to the AnyConnect client to facilitate
load balancing and session roaming.
This feature can be used by clients configured to use the SSL or IKEv2/IPsec
protocol.
We introduced the following command: gateway-fqdn.
We modified the following screen: Configuration > Remote Access VPN >
Network (Client) Access > Group Policies > (Edit group policy) > Advanced
> AnyConnect.
Cisco ASA Series CLI Configuration Guide
New Features
1-15
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
