12
Release Notes for the Cisco ASA 5500 Series, Version 8.2(x)
OL-18971-02
New Features
AnyConnect Essentials AnyConnect Essentials is a separately licensed SSL VPN client, entirely configured on the adaptive
security appliance, that provides the full AnyConnect capability, with the following exceptions:
• No CSD (including HostScan/Vault/Cache Cleaner)
• No clientless SSL VPN
• Optional Windows Mobile Support
The AnyConnect Essentials client provides remote end users running Microsoft Windows Vista,
Windows Mobile, Windows XP or Windows 2000, Linux, or Macintosh OS X, with the benefits of
a Cisco SSL VPN client.
To configure AnyConnect Essentials, the administrator uses the following command:
anyconnect-essentials—Enables the AnyConnect Essentials feature. If this feature is disabled
(using the no form of this command), the SSL Premium license is used. This feature is enabled by
default.
Note This license cannot be used at the same time as the shared SSL VPN premium license.
Disabling Cisco Secure
Desktop per Connection
Profile
When enabled, Cisco Secure Desktop automatically runs on all computers that make SSL VPN
connections to the adaptive security appliance. This new feature lets you exempt certain users from
running Cisco Secure Desktop on a per connection profile basis. It prevents the detection of
endpoint attributes for these sessions, so you might need to adjust the Dynamic Access Policy
(DAP) configuration.
CLI: [no] without-csd command
Note “Connect Profile” in ASDM is also known as “Tunnel Group” in the CLI. Additionally, the
group-url command is required for this feature. If the SSL VPN session uses
connection-alias, this feature will not take effect.
Certificate
Authentication Per
Connection Profile
Previous versions supported certificate authentication for each adaptive security appliance
interface, so users received certificate prompts even if they did not need a certificate. With this new
feature, users receive a certificate prompt only if the connection profile configuration requires a
certificate. This feature is automatic; the ssl certificate authentication command is no longer
needed, but the adaptive security appliance retains it for backward compatibility.
EKU Extensions for
Certificate Mapping
This feature adds the ability to create certificate maps that look at the Extended Key Usage
extension of a client certificate and use these values in determining what connection profile the
client should use. If the client does not match that profile, it uses the default group. The outcome
of the connection then depends on whether or not the certificate is valid and the authentication
settings of the connection profile.
The following command was introduced: extended-key-usage.
SSL VPN SharePoint
Support for Win 2007
Server
Clientless SSL VPN sessions now support Microsoft Office SharePoint Server 2007.
Table 4 New Features for ASA Version 8.2(1) (continued)
Feature Description
Comments to this Manuals