Version 9.0 of the Cisco ASA software has now been released. Here are some of the major features in the new release.

  • Filter ICMP by ICMP code
  • Clustering of multiple ASAs
  • OSPFv3 and EIGRP support
  • IPv6 support on outside interface for VPNs
  • NAT for IPv6 and NAT64
  • DHCPv6 relay
  • Unified ACLs for v4 and v6
  • Clientless SSL VPN – Support for new browsers and HTML5
  • Site to Site VPN in multiple context mode
  • Dynamic routing in multiple context mode
  • Mixed firewall support in multiple context mode

There seems to be some interesting features in here. If you are running v6
in your network this release seems much more useful. Also site to site VPNs
in multiple context mode is something that has been long overdue. It’s
also nice to see that you can run different firewall modes for each
context.

It was rumored that 9.0 was supposed to have BGP. I don’t see this mentioned
anywhere. I’m not sure if it got delayed or if they abandoned the idea but
some people like to run BGP on their firewalls. In my opinion it’s better
to keep a router for that but it wouldn’t hurt to have the option of running
BGP.

One thing that seems interesting is being able to cluster ASAs. I did not find
much information about this but it seems like the ASAs would be treated as
one logical unit. The difference to failover would be that you can use
the power of the multiple ASAs so if one ASA could inspect 100 Mbit/s you
should be able to inspect 200 Mbit/s with two of them. I’ll have to try
to find some more information on this feature.

ASA version 9.0 released
Tagged on:                         

5 thoughts on “ASA version 9.0 released

  • October 30, 2012 at 9:06 am
    Permalink

    Thanks for the headsup.

    Clearly I don’t spend enough time with ASAs, because I hadn’t realised they were that lacking in features. Only just now adding ICMP code filtering? Only just now adding clustering? Really?

    Good to see the v6 functionality being enhanced. Wish vendors had moved on this sooner.

    Maybe now’s the time to pursue CCNP Security, now that CCIE’s out of the way. Clearly I need some more hands-on time with an ASA!

    Reply
    • October 31, 2012 at 12:21 pm
      Permalink

      Put a Cisco logo on it and I can give it a try 🙂 Seriously though the ASA has been lagging behind on a lot of features and hopefully they now have closed the gap a bit.

      Reply
  • November 2, 2012 at 9:46 am
    Permalink

    That is why we use Fortigate 😉
    No 3rd parties needed (for webfiltering, anti-spam, anti-virus etc)

    Reply
    • November 9, 2012 at 1:17 am
      Permalink

      Oh yeah Fortigate .

      All eggs in one basket mostly doesn’t work. And its like swiss army knife made in china, when you need it doesn’t work!!!

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: