Version 9.0 of the Cisco ASA software has now been released. Here are some of the major features in the new release.
- Filter ICMP by ICMP code
- Clustering of multiple ASAs
- OSPFv3 and EIGRP support
- IPv6 support on outside interface for VPNs
- NAT for IPv6 and NAT64
- DHCPv6 relay
- Unified ACLs for v4 and v6
- Clientless SSL VPN – Support for new browsers and HTML5
- Site to Site VPN in multiple context mode
- Dynamic routing in multiple context mode
- Mixed firewall support in multiple context mode
There seems to be some interesting features in here. If you are running v6 in your network this release seems much more useful. Also site to site VPNs in multiple context modes is something that has been long overdue. It’s also nice to see that you can run different firewall modes for each context.
It was rumored that 9.0 was supposed to have BGP. I don’t see this mentioned anywhere. I’m not sure if it got delayed or if they abandoned the idea but some people like to run BGP on their firewalls. In my opinion it’s better to keep a router for that but it wouldn’t hurt to have the option of running BGP.
One thing that seems interesting is being able to cluster ASAs. I did not find much information about this but it seems like the ASAs would be treated as one logical unit. The difference to failover would be that you can use the power of the multiple ASAs so if one ASA could inspect 100 Mbit/s you should be able to inspect 200 Mbit/s with two of them. I’ll have to try to find some more information on this feature.
More Related Cisco ASA Readings: