Release Notes for the Cisco ASA Series, 9. Table of Contents. Release Notes for the Cisco ASA Series, Version 9. Important Notes. Limitations and Restrictions. System Requirements. New Features. New Features in Version 9. New Features in Version 9. Cisco UCS and Application Delivery for Microsoft HyperV Virtualization of Exchange 2010 with NetApp Storage. Build Your Own Oracle RAC 11g Cluster on Oracle Linux and iSCSI by Jeffrey Hunter. Learn how to set up and configure an Oracle RAC 11g Release 2 development cluster. Complete Technical Acronyms, Glossary Definitions for PC, SAN, NAS, QA, Testing, HDTV, Wireless, Linux, Embedded, Networks, Video, Digital, pharma, Unix, Video. Harden Windows 10 A Security Guide gives detailed instructions on how to secure Windows 10 machines and prevent it from being compromised. We will harden the system. Java Initiator For Windows 7 64 Bit' title='Java Initiator For Windows 7 64 Bit' />New Features in Version 9. New Features in Version 9. Upgrading the Software. Open Caveats. Resolved Caveats. Resolved Caveats in Version 9. Resolved Caveats in Version 9. Resolved Caveats in Version 9. End User License Agreement. Related Documentation. Obtaining Documentation and Submitting a Service Request. Release Notes for the Cisco ASA Series, Version 9. Released October 2. Updated July 1. 2, 2. This document contains release information for Cisco ASA software Version 9. This document includes the following sections Important Notes. Cisco ASA Clientless SSL VPN Portal Customization Integrity VulnerabilityMultiple vulnerabilities have been fixed for clientless SSL VPN in ASA software, so you should upgrade your software to a fixed version. See http tools. Cisco. Security. Advisorycisco sa 2. Java-Runtime-Environment-579x606-a8995f5b9db2eae4.jpg' alt='Java Initiator For Windows 7 64 Bit' title='Java Initiator For Windows 7 64 Bit' />Dear Members, My application in form server 6i is running fine on all 32 bit operating systems in browsers but in 64 bit OS could not. ASA versions. Also, if you ever ran an earlier ASA version that had a vulnerable configuration, then regardless of the version you are currently running, you should verify that the portal customization was not compromised. If an attacker compromised a customization object in the past, then the compromised object stays persistent after you upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited further, but it will not modify any customization objects that were already compromised and are still present on the system. Microsoft Kerberos Constrained Delegation support over clientless SSL VPN is limited to the following Web applications Microsoft Outlook Web Access Microsoft Share. Point Microsoft Internet Information Services. How To Run Html Program In Netbeans. Ether. Channel configuration on the 4. GE SSM disallowedInterfaces on the 4. GE SSM, including the built in module on the ASA 5. Gigabit. Ethernet 1 x, are not supported as members of Ether. Channels. However, although not supported, configuration was not disallowed until 9. If you configured any 4. GE SSM interfaces as Ether. Channel members, then upgrading to 9. You must alter your interface configuration to comply with supported interface types. CSCtq. 62. 71. 5ASA ClusteringDue to many caveat fixes, we recommend the 9. ASA clustering. If you are running 9. Note that due to CSCue. Downgrading issues Upgrading to Version 9. ACL migration see the 9. Therefore, you cannot downgrade from 9. Be sure to make a backup copy of your configuration before you upgrade so you can downgrade using the old configuration if required. For the ASA 5. X through ASA 5. X, you cannot perform a hitless downgrade for a failover pair from 9. ASA perceives a hardware mismatch. You can successfully downgrade from 9. Per session PAT disabled when upgrading Starting in Version 9. TCP PAT traffic and all UDP DNS traffic use per session PAT see the xlate per session command in the command reference. If you upgrade to Version 9. PAT, the per session PAT feature is disabled during configuration migration. The ASA adds the following deny rules xlate per session deny tcp any. To enable per session PAT after you upgrade, enter clear configure xlate. The above deny rules are cleared so that only the default permit rules are still in place, which enables per session PAT. No Payload Encryption for exportYou can purchase some models with No Payload Encryption. For export to some countries, payload encryption cannot be enabled on the Cisco ASA series. The ASA software senses a No Payload Encryption model and disables the following features Unified Communications VPNYou can still install the Strong Encryption 3. DESAES license for use with management connections and encrypted route messages for OSPFv. For example, you can use ASDM HTTPSSSL, SSHv. Telnet and SNMPv. You can also download the dynamic database for the Botnet Traffic Filer which uses SSL and redirect traffic to Cloud Web Security. Two ASA caches are used for processing server certificate verification information. The global cache is 3. Limitations and Restrictions. Clientless SSL VPN with a self signed certificate on the ASAWhen the ASA uses a self signed certificate or an untrusted certificate, Firefox 4 and later and Safari are unable to add security exceptions when browsing using an IPv. HTTPS URL FQDN URL is OK the Confirm Security Exception button is disabled. See https bugzilla. This caveat affects all SSL connections originating from Firefox or Safari to the ASA including clientless SSL VPN connections, and ASDM connections. To avoid this caveat, configure a proper certificate for the ASA that is issued by a trusted certificate authority. For Internet Explorer 9 and later, use compatibility mode. Citrix Mobile Receiver and accessing Virtual Desktop Infrastructure VDI CSD is not supported. HTTP redirect is not supported. Using Citrix Receiver mobile clients to access web interface of Citrix servers is not supported. Certificate or smart card authentication is not supported as a means of auto sign on. You must install the XML service and configure it on Xen. App and Xen. Desktop servers. Make sure that the ports 4. ASA and the Xen. AppXen. Desktop server. The password expire in days notification on a tunnel group that is used by VDI is not supported. When configuring for IKEv. We do not recommend Diffie Hellman Group. Group. 2. For example, use crypto ikev. With a heavy load of users around 1. Web. VPN plugin, you may experience large delays because of the processing overload. Using Citrix web interface reduces the ASA rewrite overhead. To track the progress of the enhancement request to allow Web. VPN plug files to be cached on the ASA, refer to CSCud. Inter context OSPF adjacency is not supported. To work around this, use the point to point non broadcast options under the interface configuration and the neighbor command under the router ospf section. See the following example for reference interface Redundant. ASA 5. 51. 0, ASA 5. ASA 5. 54. 0, and ASA 5. We strongly recommend that you enable hardware processing using the crypto engine large mod accel command instead of software for large modulus operations such as 2. Cisco Visio Network Icons Downloads. DH5 keys. If you continue to use software processing for large keys, you could experience significant performance degradation due to slow session establishment for IPsec and SSL VPN connections. Papillon Henri Charriere. We recommend that you initially enable hardware processing during a low use or maintenance period to minimize a temporary packet loss that can occur during the transition of processing from software to hardware. Note For the ASA 5. ASA 5. 55. 0 using SSL VPN, in specific load conditions, you may want to continue to use software processing for large keys. If VPN sessions are added very slowly and the ASA runs at capacity, then the negative impact to data throughput is larger than the positive impact for session establishment. The ASA 5. 58. 05. X platforms already integrate this capability therefore, crypto engine commands are not applicable on these platforms. Only users with a privilege level of 1. ASA using the secure copy protocol SCP. New Features. Note New, changed, and deprecated syslog messages are listed in the syslog message guide. New Features in Version 9. Released December 5, 2. There are no new features in Version 9. New Features in Version 9. Released July 2. Table 1 lists the new features for ASA Version 9.