Cisco ASA Series CLI Configuration Manual page 68

Software version 9.0 for the services module

New Features

Table 1-3    New Features for ASA Version 9.0(2)/ASDM Version 7.1(2) (continued)

Management Features

Feature: The default Telnet password was removed
Description:
To improve security for management access to the ASA, the default login password for Telnet was removed; you must manually set the password before you can log in using Telnet.
Note: The login password is only used for Telnet if you do not configure Telnet user authentication (the aaa authentication telnet console command).
Formerly, when you cleared the password, the ASA restored the default of "cisco." Now when you clear the password, the password is removed.
The login password is also used for Telnet sessions from the switch to the ASASM (see the session command). For initial ASASM access, you must use the service-module session command, until you set a login password.
We modified the following command: passwd.
We did not modify any ASDM screens.

New Features in ASA 8.4(5)/ASDM 7.0(2)
Released: October 31, 2012

Table 1-4 lists the new features for ASA Version 8.4(5).

Table 1-4    New Features for ASA Version 8.4(5)

Firewall Features

Feature: EtherType ACL support for IS-IS traffic (transparent firewall mode)
Description:
In transparent firewall mode, the ASA can now pass IS-IS traffic using an EtherType ACL.
We modified the following command: access-list ethertype {permit | deny} is-is.
This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), or 9.1(1).

Feature: ARP cache additions for non-connected subnets
Description:
The ASA ARP cache only contains entries from directly-connected subnets by default. You can now enable the ARP cache to also include non-directly-connected subnets. We do not recommend enabling this feature unless you know the security risks. This feature could facilitate a denial of service (DoS) attack against the ASA; a user on any interface could send out many ARP replies and overload the ASA ARP table with false entries.
You may want to use this feature if you use:
- Secondary subnets.
- Proxy ARP on adjacent routes for traffic forwarding.
This feature is not available in 8.5(1), 8.6(1), or 8.7(1).

Feature: Increased maximum connection limits for service policy rules
Description:
The maximum number of connections for service policy rules was increased from 65535 to 2000000.
This feature is not available in 8.5(1), 8.6(1), or 8.7(1).

Remote Access Features
Chapter 1
Introduction to the Cisco ASA
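
A small configuration audit covering the Telnet login password change and the non-connected ARP cache option described above, as an added example rather than Cisco's own code. The sample configurations and finding names are constructed; the arp permit-nonconnected command name comes from Cisco's command reference, not from this page, and the check assumes 9.0(2) or later behaviour, where no default login password exists.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SAMPLE_WEAK = """\
hostname asa-lab
passwd EXAMPLEHASH encrypted
telnet 192.0.2.0 255.255.255.0 inside
telnet timeout 5
arp permit-nonconnected
"""

SAMPLE_HARDENED = """\
hostname asa-lab
aaa authentication telnet console LOCAL
telnet 192.0.2.0 255.255.255.0 inside
telnet timeout 5
"""


def audit_asa_config(text):
    """Return a sorted list of finding codes (hypothetical names) for one config."""
    lines = [line.strip() for line in text.splitlines()]
    # "telnet <addr> <mask> <interface>" permits Telnet; "telnet timeout N" does not.
    telnet_on = any(re.match(r"telnet\s+(?!timeout\b)\S+", l) for l in lines)
    # With Telnet user authentication configured, the login password is not used.
    telnet_aaa = any(l.startswith("aaa authentication telnet console") for l in lines)
    # The login password appears as "passwd <value> encrypted" when one is set.
    has_passwd = any(re.match(r"passwd\s+\S+", l) for l in lines)

    findings = []
    if telnet_on and not telnet_aaa:
        if has_passwd:
            # Every Telnet user shares one login password instead of per-user AAA.
            findings.append("TELNET_SHARED_LOGIN_PASSWORD")
        else:
            # Assumes 9.0(2)+: no default password, so Telnet login cannot succeed.
            findings.append("TELNET_NO_LOGIN_POSSIBLE")
    if "arp permit-nonconnected" in lines:
        # The ARP table accepts entries from non-connected subnets (DoS exposure).
        findings.append("ARP_NONCONNECTED_ENABLED")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_asa_config(cfg))
```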
