Cisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhere

Cisco recently released a new code upgrade for their ASA security appliance. The new release, 8.0.4, contains several new features and many bug fixes. Cisco also released a new version of its GUI, ASDM 6.1.3, that supports the new features of 8.0.4. The fact that 8.0.4 is an Early Deployment (ED) release means that it goes through extensive dev testing before release. It also means that it is meant to be a very stable release of ASA code and will contain numerous bug fixes to support that premise. In fact, 8.0.4 contains some 514 closed caveats that were discovered in previous ASA builds. Most ASA customers who are using SSLVPN features or are on an 8.0.3.X engineering release should seriously consider moving to the new 8.0.4 ED release. 8.0.4 doesn’t just include closed caveats but also some important new features.

My favorite new feature has to be the IP Phone and Presence Proxy feature. First the IP Phone Proxy feature. This allows you to take your Cisco IP Phone home with you, plug it into the internet, have it setup an encrypted TLS tunnel back to your ASA, and register with your Cisco Call Manager just like you were at the office. Basically it gives you a VPN from your IP Phone to the Cisco ASA. This allows you to enable work from anywhere voice using your existing Cisco IP Phones.

Now the presence proxy feature. This allows you to share your presence information with your other business partners and affiliates. Enterprises share Presence information, and can use IM applications. It allows you to secure connectivity (TLS proxy) between Cisco Unified Presence servers and Cisco or Microsoft Presence servers. Here are some of the benefits of using a Presence solution as reported by Cisco:
• Increase productivity: Connect with colleagues on the first try by knowing their availability in advance on either Cisco Unified Personal Communicator and Cisco Unified IP Phone.
• Enhance collaboration: Share availability information and instant messages with coworkers within your business or between businesses with Cisco Unified Personal Communicator.
• Streamline communications: View telephony status of coworkers from Cisco Unified Personal Communicator, IBM Lotus Sametime, or Microsoft Office Communicator, and simply click to call them through Cisco Unified Communications Manager.
• Presence-enabled business applications: Expose presence information and user communications capabilities in corporate web directories, point of sales applications, or customer relationship management systems through Cisco Unified Application Environment and standards-based APIs on Cisco Unified Presence.
• Improve first-call resolution and customer satisfaction: Allow subject matter experts anywhere in your enterprise to handle incoming customer calls with presence capabilities delivered with Cisco Unified Expert Advisor, Cisco Unified Presence, and Cisco Unified Personal Communicator.

Here is a quick look at some of the other new 8.0.4 features:

• Discounted certificate enrollment with entrust directly through ASDM – gives you the ability to enroll with entrust for either free (test) certificates or discounted real certificates right from the ASDM GUI.




• Persistent IPsec Tunneled Flows- Allows for the stateful re-establishment of TCP flows within an IPSEC site-site tunnel upon tunnel re-establishment. This helps sensitive applications recover when a VPN tunnel drops for a short time period and then recovers.




• Pull and Show Active Directory Groups from LDAP in ASDM – Ability to retrieve a list of AD LDAP groups from within ASDM GUI. This allows you to more easily configure up DAP policies.




• Smart Tunnels for Mac OS – Ability to utilize the very powerful Clientless Smart tunnel feature on your Mac Computer. Smart tunnels allows you to run almost any TCP based application over a completely clientless SSLVPN session.




• QoS Traffic Shaping- I’ve been waiting for this one. ASA has had rate-limiting in the past but now it gets traffic shaping as well. This helps deal with those 1gig to cable modem bottleneck conditions in a more predictable and clean fashion.




• TCP Normalizer Engine changes some default settings and enhances customizability- Many of these enhancements come as a result of the previous challenges of implementing a WAAS-like acceleration solution into the network and running it through a FW. See the release notes for the changes and the new customization available.




• Native VLAN support for the ASA 5505




• Threat-detection enhanced to show TCP Intercept statistics - The TCP intercept feature protects TCP servers from TCP SYN-flooding attacks, which are a type of denial-of-service attack. The TCP intercept feature helps prevent SYN-flooding attacks by intercepting and validating TCP connection requests.

Cisco ASA 8.0.4 Release notes
http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/arn804n.html

Cisco ASDM 6.1.3 Release notes
http://www.cisco.com/en/US/docs/security/asdm/6_1/release/notes/rn613.html

Download ASA code here
http://www.cisco.com/cgi-bin/tablebuild.pl/asa

The opinions and information presented here are my personal views and not those of my employer.

• Cisco
• Security
• VoIP / Convergence
• ASA
• asa 8.0.4
• ASDM
• Cisco
• CIsco ASA
• Heary
• IP phone proxy
• Jamey Heary
• phone proxy
• presence proxy
• security