Less than a year after changing the rules with ASA version 8.3, Cisco has released a new OS version 8.4. Since I won’t be covering the release notes word for word, you can find them here… I just wanted to go over the highlights.
- EtherChannel support – Lets start with he most exciting feature first. ASA version 8.4 now supports up to 48 802.3ad EtherChannels of eight active interfaces each. Note: You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel. New commands include: channel-group, lacp port-priority, interface port-channel, lacp max-bundle, port-channel min-bundle, port-channel load-balance, lacp system-priority, clear lacp counters, show lacp, show port-channel.
- Stateful Failover with Dynamic Routing Protocols – Routes that are learned through dynamic routing protocols (like OSPF or EIGRP) on the active unit are now maintained in a Routing Information Base (RIB) table on the standby unit. Updated commands: show failover, show route, show route failover.
- Show Top CPU Processes – You can now monitor the processes that run on the CPU to obtain information related to the percentage of the CPU used by any given process. New command: show process cpu-usage sorted
- TCP Ping Enhancement – you can specify a source IP address and a port and source interface to send pings to a hostname or an IPv4 address. New command: ping tcp
- IKEv2 – Internet Key Exchange version 2 (IKEv2) is the latest key exchange protocol used to establish and control Internet Protocol Security (IPsec) tunnels. The ASA now supports IPsec with IKEv2 for the AnyConnect Secure Mobility Client, Version 3.0(1), for all client operating systems. Updated commands: vpn-tunnel-protocol, crypto ikev2 policy, crypto ikev2 enable, crypto ipsec ikev2, crypto dynamic-map, crypto map.
Notes
- ASA 5500 Version 8.4 requires ASDM Version 6.4 or later.
- Still using 8.3 NAT…
- v8.4 also increases some scalability features (such as number of Vlans, connections, contexts, Anyconnect VPN sessions etc) mainly on higher end models such as 5580, 5585-X.
- If you’re using ASA <8.3(x) you’ll need a memory upgrade. ( see table below )
Table 1 Standard Memory and Memory Requirements for the Cisco ASA 5500 Series
<div class="pCH1_CellHead1">
ASA Model
</div>
</th>
<th rowspan="2" colspan="1" scope="col">
<a name="wp493513"></a></p>
<div class="pCH1_CellHead1">
Internal Flash Memory (Default Shipping)
</div>
</th>
<th rowspan="1" colspan="2" scope="col">
<a name="wp493521"></a></p>
<div class="pCH1_CellHead1">
DRAM (Default Shipping)
</div>
</th>
|
|---|
<div class="pCH1_CellHead1">
Before Feb. 2010
</div>
</th>
<th scope="col">
<a name="wp493531"></a></p>
<div class="pCH1_CellHead1">
After Feb. 2010 (Required for 8.3 and Higher)
</div>
</th>
|
|---|
<p class="pB1_Body1">
5505
</p>
</td>
<td>
<a name="wp493535"></a></p>
<p class="pB1_Body1">
128 MB
</p>
</td>
<td>
<a name="wp493537"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493542"></a></p>
<p class="pB1_Body1">
<b class="cBold">512 MB</b>
</p>
</td>
|
<p class="pB1_Body1">
5510
</p>
</td>
<td>
<a name="wp493546"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493548"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493550"></a></p>
<p class="pB1_Body1">
<b class="cBold">1 GB</b>
</p>
</td>
|
<p class="pB1_Body1">
5520
</p>
</td>
<td>
<a name="wp493554"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493556"></a></p>
<p class="pB1_Body1">
512 MB
</p>
</td>
<td>
<a name="wp493558"></a></p>
<p class="pB1_Body1">
<b class="cBold">2 GB</b>
</p>
</td>
|
<p class="pB1_Body1">
5540
</p>
</td>
<td>
<a name="wp493562"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493564"></a></p>
<p class="pB1_Body1">
1 GB
</p>
</td>
<td>
<a name="wp493566"></a></p>
<p class="pB1_Body1">
<b class="cBold">2 GB</b>
</p>
</td>
|
<p class="pB1_Body1">
5550
</p>
</td>
<td>
<a name="wp493570"></a></p>
<p class="pB1_Body1">
256 MB
</p>
</td>
<td>
<a name="wp493572"></a></p>
<p class="pB1_Body1">
4 GB
</p>
</td>
<td>
<a name="wp493574"></a></p>
<p class="pB1_Body1">
4GB
</p>
</td>
|
<p class="pB1_Body1">
5580-20
</p>
</td>
<td>
<a name="wp493578"></a></p>
<p class="pB1_Body1">
1 GB
</p>
</td>
<td>
<a name="wp493580"></a></p>
<p class="pB1_Body1">
8 GB
</p>
</td>
<td>
<a name="wp493582"></a></p>
<p class="pB1_Body1">
8GB
</p>
</td>
|
<p class="pB1_Body1">
5580-40
</p>
</td>
<td>
<a name="wp493586"></a></p>
<p class="pB1_Body1">
1 GB
</p>
</td>
<td>
<a name="wp493588"></a></p>
<p class="pB1_Body1">
12 GB
</p>
</td>
<td>
<a name="wp493590"></a></p>
<p class="pB1_Body1">
12 GB
</p>
</td>
|
<p class="pB1_Body1">
5585-X wih SSP-10
</p>
</td>
<td>
<a name="wp493594"></a></p>
<p class="pB1_Body1">
2 GB
</p>
</td>
<td>
<a name="wp493596"></a></p>
<p class="pB1_Body1">
N/A
</p>
</td>
<td>
<a name="wp493598"></a></p>
<p class="pB1_Body1">
6 GB
</p>
</td>
|
<p class="pB1_Body1">
5585-X wih SSP-20
</p>
</td>
<td>
<a name="wp493602"></a></p>
<p class="pB1_Body1">
2 GB
</p>
</td>
<td>
<a name="wp493604"></a></p>
<p class="pB1_Body1">
N/A
</p>
</td>
<td>
<a name="wp493606"></a></p>
<p class="pB1_Body1">
12 GB
</p>
</td>
|
<p class="pB1_Body1">
5585-X wih SSP-40
</p>
</td>
<td>
<a name="wp493610"></a></p>
<p class="pB1_Body1">
2 GB
</p>
</td>
<td>
<a name="wp493612"></a></p>
<p class="pB1_Body1">
N/A
</p>
</td>
<td>
<a name="wp493614"></a></p>
<p class="pB1_Body1">
12 GB
</p>
</td>
|
<p class="pB1_Body1">
5585-X wih SSP-60
</p>
</td>
<td>
<a name="wp493618"></a></p>
<p class="pB1_Body1">
2 GB
</p>
</td>
<td>
<a name="wp493620"></a></p>
<p class="pB1_Body1">
N/A
</p>
</td>
<td>
<a name="wp493622"></a></p>
<p class="pB1_Body1">
24 GB
</p>
</td>
|
