Cisco Asdm 7.1 Download
Contents
First Published: March 23, 2015
- Trusted Windows (PC) download Cisco ASDM 10.10.20.4. Virus-free and 100% clean download. Get Cisco ASDM alternative downloads.
- Free cisco asdm 7.1.2.102 msi download software at UpdateStar.
- How to download ASDM from ASA5505 and install it by Cyrus Lok on Saturday, April 3, 2010 at 10:32am The title is weird right? I felt that too. It has a CD but no ASDM installer at least I cannot find it (maybe I am stupid or something but whatever.) not all things inside the.
- Buy Directly from Cisco Configure, price, and order Cisco products, software, and services. Available to partners and to customers with a direct purchasing agreement. End User License and SaaS Terms Cisco software is not sold, but is licensed to the registered end user.
Last Updated: June 21, 2016
Cisco announces the end-of-sale and end-of-life dates for the Cisco Adaptive Security Appliance (ASA) Software Release 9.1 and Adaptive Security Device Manager (ASDM) 7.1. The last day to order the affected product(s) is August 25, 2017. Upgrade ASDM to Version 7.1(5.100) or later. This ASDM version includes the Permissions attribute in the JAR manifest, which is required as of Java 7 Update 51. To use ASDM 7.1(5) or earlier, add a security exception in the Java Control Panel for each ASA you want to manage with ASDM. See the “Workaround” section at.
This document contains release information for Cisco ASDM Version 7.4(x) for the Cisco ASA series.
Important Notes
For the ASA 5506H-X, when you upgrade to ASA Version 9.5(2), the correct licensing level is applied. Earlier ASA versions apply the same licensing as the ASA 5506-X base license. For earlier versions, you can contact Cisco to receive the ASA 5506-X Security Plus license, which is equivalent to the correct ASA 5506H-X base license; or simply upgrade to 9.5(2).
Unified Communications Phone Proxy and Intercompany Media Engine Proxy are deprecated—In ASA Version 9.4, the Phone Proxy and IME Proxy are no longer supported.
Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve certificate, even when the corresponding interface has been configured with an RSA-based trustpoint. To avoid having the ASA present a self-signed SSL certificate, the administrator needs to remove the corresponding cipher suites using the ssl cipher command. For example, for an interface configured with an RSA trustpoint, the administrator can execute the following command so that only RSA based ciphers are negotiated:
The RSA toolkit version used in ASA 9.x is different from what was used in ASA 8.4, which causes differences in PKI behavior between these two versions.
For example, ASAs running 9.x software allow you to import certificates with an Organizational Name Value (OU) field length of 73 characters. ASAs running 8.4 software allow you to import certificates with an OU field name of 60 characters. Because of this difference, certificates that can be imported in ASA 9.x will fail to be imported to ASA 8.4. If you try to import an ASA 9.x certificate to an ASA running version 8.4, you will likely receive the error, 'ERROR: Import PKCS12 operation failed.
System Requirements
This section lists the system requirements to run this release.
ASDM Client Operating System and Browser Requirements
The following table lists the supported and recommended client operating systems and Java for ASDM.
Operating System | Browser | Java SE Plug-in | |||
---|---|---|---|---|---|
Internet Explorer | Firefox | Safari | Chrome | ||
Microsoft Windows (English and Japanese): 8 7 Server 2008 Server 2012 | Yes | Yes | No support | Yes | 7.0 or later |
Apple OS X 10.4 and later | No support | Yes | Yes | Yes (64-bit version only) | 7.0 or later |
Red Hat Enterprise Linux 5 (GNOME or KDE): Desktop Desktop with Workstation | N/A | Yes | N/A | Yes | 7.0 or later |
Java and Browser Compatibility
The following table lists compatibility caveats for Java, ASDM, and browser compatibility.
Java Version | Conditions | Notes | ||
---|---|---|---|---|
7 update 51 | ASDM Launcher requires trusted certificate | To continue using the Launcher, do one of the following:
| ||
In rare cases, online help does not load when using Java Web Start | In rare cases, when launching online help, the browser window loads, but the content fails to appear. The browser reports an error: “Unable to connect”. Workaround:
| |||
7 update 45 | ASDM shows a yellow warning about the missing Permissions attribute when using an untrusted certificate | Due to a bug in Java, if you do not have a trusted certificate installed on the ASA, you see a yellow warning about a missing Permissions attribute in the JAR manifest. It is safe to ignore this warning; ASDM 7.2 and later includes the Permissions attribute. To prevent the warning from appearing, install a trusted certificate (from a known CA); or generate a self-signed certificate on the ASA by choosing Configuration > Device Management > Certificates > Identity Certificates. Launch ASDM, and when the certificate warning is shown, check the Always trust connections to websites check box. | ||
7 | Requires strong encryption license (3DES/AES) on ASA | ASDM requires an SSL connection to the ASA. You can request a 3DES license from Cisco:
| ||
All |
| When the ASA uses a self-signed certificate or an untrusted certificate, Firefox and Safari are unable to add security exceptions when browsing using HTTPS over IPv6. See https://bugzilla.mozilla.org/show_bug.cgi?id=633001. This caveat affects all SSL connections originating from Firefox or Safari to the ASA (including ASDM connections). To avoid this caveat, configure a proper certificate for the ASA that is issued by a trusted certificate authority. | ||
| If you change the SSL encryption on the ASA to exclude both RC4-MD5 and RC4-SHA1 algorithms (these algorithms are enabled by default), then Chrome cannot launch ASDM due to the Chrome “SSL false start” feature. We suggest re-enabling one of these algorithms (see the Configuration > Device Management > Advanced > SSL Settings pane); or you can disable SSL false start in Chrome using the --disable-ssl-false-start flag according to Run Chromium with flags. | |||
IE9 for servers | For Internet Explorer 9.0 for servers, the “Do not save encrypted pages to disk” option is enabled by default (See Tools > Internet Options > Advanced). This option causes the initial ASDM download to fail. Be sure to disable this option to allow ASDM to download. | |||
OS X | On OS X, you may be prompted to install Java the first time you run ASDM; follow the prompts as necessary. ASDM will launch after the installation completes. | |||
All | OS X 10.8 and later | You need to allow ASDM to run because it is not signed with an Apple Developer ID. If you do not change your security preferences, you see an error screen.
|
Install an Identity Certificate for ASDM
When using Java 7 update 51 and later, the ASDM Launcher requires a trusted certificate. An easy approach to fulfill the certificate requirements is to install a self-signed identity certificate. You can use Java Web Start to launch ASDM until you install a certificate.
See Install an Identity Certificate for ASDM to install a self-signed identity certificate on the ASA for use with ASDM, and to register the certificate with Java.
Increase the ASDM Configuration Memory
ASDM supports a maximum configuration size of 512 KB. If you exceed this amount you may experience performance issues. For example, when you load the configuration, the status dialog box shows the percentage of the configuration that is complete, yet with large configurations it stops incrementing and appears to suspend operation, even though ASDM might still be processing the configuration. If this situation occurs, we recommend that you consider increasing the ASDM system heap memory.
Increase the ASDM Configuration Memory in Windows
To increase the ASDM heap memory size, edit the run.bat file by performing the following procedure.
ProcedureStep 1 | Go to the ASDM installation directory, for example C:Program Files (x86)Cisco SystemsASDM. |
Step 2 | Edit the run.bat file with any text editor. |
Step 3 | In the line that starts with “start javaw.exe”, change the argument prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768M for 768 MB or -Xmx1G for 1 GB. |
Step 4 | Save the run.bat file. |
Increase the ASDM Configuration Memory in Mac OS
To increase the ASDM heap memory size, edit the Info.plist file by performing the following procedure.
ProcedureStep 1 | Right-click the Cisco ASDM-IDM icon, and choose Show Package Contents. |
Step 2 | In the Contents folder, double-click the Info.plist file. If you have Developer tools installed, it opens in the Property List Editor. Otherwise, it opens in TextEdit. |
Step 3 | Under Java > VMOptions, change the string prefixed with “-Xmx” to specify your desired heap size. For example, change it to -Xmx768M for 768 MB or -Xmx1G for 1 GB. |
Step 4 | If this file is locked, you see an error such as the following: |
Step 5 | Click Unlock and save the file. If you do not see the Unlock dialog box, exit the editor, right-click the Cisco ASDM-IDM icon, choose Copy Cisco ASDM-IDM, and paste it to a location where you have write permissions, such as the Desktop. Then change the heap size from this copy. |
ASA and ASDM Compatibility
For information about ASA/ASDM software and hardware requirements and compatibility, including module compatibility, see Cisco ASA Compatibility.
VPN Compatibility
For VPN compatibility, see Supported VPN Platforms, Cisco ASA 5500 Series.
New Features
This section lists new features for each release.
Note | New, changed, and deprecated syslog messages are listed in the syslog message guide. |
New Features in ASA 9.4(4)/ASDM 7.6(2)
Released: January 11, 2017
There are no new features in this release.
New Features in ASA 9.4(3)/ASDM 7.6(1)
Released: April 25, 2016
Feature | Description | ||
---|---|---|---|
Firewall Features | |||
Connection holddown timeout for route convergence | You can now configure how long the system should maintain a connection when the route used by the connection no longer exists or is inactive. If the route does not become active within this holddown period, the connection is freed. You can reduce the holddown timer to make route convergence happen more quickly. However, the 15 second default is appropriate for most networks to prevent route flapping. We modified the following screen: Configuration > Firewall > Advanced > Global Timeouts | ||
Remote Access Features | |||
Configurable SSH encryption and HMAC algorithm. | Users can select cipher modes when doing SSH encryption management and can configure HMAC and encryption for varying key exchange algorithms. We introduced the following screen: Configuration > Device Management > Advanced > SSH Ciphers Also available in 9.1(7). | ||
HTTP redirect support for IPv6 | When you enable HTTP redirect to HTTPS for ASDM access or clientless SSL VPN, you can now redirect traffic sent an to IPv6 address. We added functionality to the following screen: Configuration > Device Management > HTTP Redirect Also available in 9.1(7). | ||
Monitoring Features | |||
SNMP engineID sync for Failover | In a failover pair, the SNMP engineIDs of the paired ASAs are synced on both units. Three sets of engineIDs are maintained per ASA—synced engineID, native engineID and remote engineID. An SNMPv3 user can also specify the engineID of the ASA when creating a profile to preserve localized snmp-server user authentication and privacy options. If a user does not specify the native engineID, the show running config output will show two engineIDs per user. We modified the following command: snmp-server user No ASDM support. | ||
show tech support enhancements | The show tech support command now:
We did not add or modify any screens. Also available in 9.1(7). | ||
Support for the cempMemPoolTable in the CISCO-ENHANCED-MEMPOOL-MIB | The cempMemPoolTable of the CISCO-ENHANCED-MEMPOOL-MIB is now supported. This is a table of memory pool monitoring entries for all physical entities on a managed system.
We did not add or modify any screens. Also available in 9.1(7). |
New Features in ASA 9.4(2.145)/ASDM 7.5(1)
Released: November 13, 2015
There are no new features in this release.
Note | This release supports only the Firepower 9300 ASA security module. |
New Features in ASA 9.4(2)/ASDM 7.5(1)
Released: September 24, 2015
There are no new features in this release.
Note | ASAv 9.4(1.200) features are not included in this release. |
Note | This version does not support the ISA 3000. |
New Features in ASA 9.4(1.225)/ASDM 7.5(1)
Released: September 17, 2015
Note | This release supports only the Cisco ISA 3000. |
Feature | Description |
---|---|
Platform Features | |
Cisco ISA 3000 Support | The Cisco ISA 3000 is a DIN Rail mounted, ruggedized, industrial security appliance. It is low-power, fan-less, with Gigabit Ethernet and a dedicated management port. This model comes with the ASA Firepower module pre-installed. Special features for this model include a customized transparent mode default configuration, as well as a hardware bypass function to allow traffic to continue flowing through the appliance when there is a loss of power. We introduced the following screen: Configuration > Device Management > Hardware Bypass The hardware-bypass boot-delay command is not available in ASDM 7.5(1). This feature is not available in Version 9.5(1). |
New Features in ASA 9.4(1.152)/ASDM 7.4(3)
Released: July 13, 2015
Note | This release supports only the ASA on the Firepower 9300. |
Feature | Description | ||
---|---|---|---|
Platform Features | |||
ASA security module on the Firepower 9300 | We introduced the ASA security module on the Firepower 9300.
| ||
High Availability Features | |||
Intra-chassis ASA Clustering for the Firepower 9300 | You can cluster up to 3 security modules within the Firepower 9300 chassis. All modules in the chassis must belong to the cluster. We introduced the following screen: Configuration > Device Management > High Availability and Scalability > ASA Cluster Replication | ||
Licensing Features | |||
Cisco Smart Software Licensing for the ASA on the Firepower 9300 | We introduced Smart Software Licensing for the ASA on the Firepower 9300. We modified the following screen: Configuration > Device Management > Licensing > Smart License |
New Features in ASAv 9.4(1.200)/ASDM 7.4(2)
Released: May 12, 2015
Note | This release supports only the ASAv. |
Feature | Description | ||
---|---|---|---|
Platform Features | |||
ASAv on VMware no longer requires vCenter support | You can now install the ASAv on VMware without vCenter using the vSphere client or the OVFTool using a Day 0 configuration. | ||
ASAv on Amazon Web Services (AWS) | You can now use the ASAv with Amazon Web Services (AWS) and the Day 0 configuration.
|
New Features in ASDM 7.4(2)
Released: May 6, 2015
Feature | Description |
---|---|
Remote Access Features | |
AnyConnect Version 4.1 support | ASDM now supports AnyConnect Version 4.1. We modified the following screen: Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile (a new profile called AMP Enabler Service Profile) |
New Features in ASA 9.4(1)/ASDM 7.4(1)
Released: March 30, 2015
Feature | Description | ||
---|---|---|---|
Platform Features | |||
ASA 5506W-X, ASA 5506H-X, ASA 5508-X, ASA 5516-X | We introduced the ASA 5506W-X with wireless access point, hardened ASA 5506H-X, ASA 5508-X, and ASA 5516-X models. We did not modify any ASDM screens. | ||
Certification Features | |||
Department of Defense Unified Capabilities Requirements (UCR) 2013 Certification | The ASA was updated to comply with the DoD UCR 2013 requirements. See the rows in this table for the following features that were added for this certification:
| ||
FIPS 140-2 Certification compliance updates | When you enable FIPS mode on the ASA, additional restrictions are put in place for the ASA to be FIPS 140-2 compliant. Restrictions include:
To see the FIPS certification status for the ASA, see: This PDF is updated weekly. See the Computer Security Division Computer Security Resource Center site for more information: We modified the following command: fips enable | ||
Firewall Features | |||
Improved SIP inspection performance on multiple core ASAs. | If you have multiple SIP signaling flows going through an ASA with multiple cores, SIP inspection performance has been improved. However, you will not see improved performance if you are using a TLS, phone, or IME proxy. We did not modify any screens. | ||
SIP inspection support for Phone Proxy and UC-IME Proxy was removed. | You can no longer use Phone Proxy or UC-IME Proxy when configuring SIP inspection. Use TLS Proxy to inspect encrypted traffic. We removed Phone Proxy and UC-IME Proxy from the Select SIP Inspect Map service policy dialog box. | ||
DCERPC inspection support for ISystemMapper UUID message RemoteGetClassObject opnum3. | The ASA started supporting non-EPM DCERPC messages in release 8.3, supporting the ISystemMapper UUID message RemoteCreateInstance opnum4. This change extends support to the RemoteGetClassObject opnum3 message. We did not modify any screens. | ||
Unlimited SNMP server trap hosts per context | The ASA supports an unlimited number of SNMP server trap hosts per context. The show snmp-server host command output displays only the active hosts that are polling the ASA, as well as the statically configured hosts. We did not modify any screens. | ||
VXLAN packet inspection | The ASA can inspect the VXLAN header to enforce compliance with the standard format. We modified the following screen: Configuration > Firewall > Service Policy Rules > Add Service Policy Rule > Rule Actions > Protocol Inspection | ||
DHCP monitoring for IPv6 | You can now monitor DHCP statistics and DHCP bindings for IPv6. We introduced the following screens: Monitoring > Interfaces > DHCP > IPV6 DHCP Statistics Monitoring > Interfaces > DHCP > IPV6 DHCP Binding. | ||
High Availability Features | |||
Blocking syslog generation on a standby ASA | You can now block specific syslogs from being generated on a standby unit. We did not modify any screens. | ||
Enable and disable ASA cluster health monitoring per interface | You can now enable or disable health monitoring per interface. Health monitoring is enabled by default on all port-channel, redundant, and single physical interfaces. Health monitoring is not performed on VLAN subinterfaces or virtual interfaces such as VNIs or BVIs. You cannot configure monitoring for the cluster control link; it is always monitored. You might want to disable health monitoring of non-essential interfaces, for example, the management interface. We introduced the following screen: Configuration > Device Management > High Availability and Scalability > ASA Cluster > Cluster Interface Health Monitoring | ||
ASA clustering support for DHCP relay | You can now configure DHCP relay on the ASA cluster. Client DHCP requests are load-balanced to the cluster members using a hash of the client MAC address. DHCP client and server functions are still not supported. We did not modify any screens. | ||
SIP inspection support in ASA clustering | You can now configure SIP inspection on the ASA cluster. A control flow can be created on any unit (due to load balancing), but its child data flows must reside on the same unit. TLS Proxy configuration is not supported. We did not modify any screens. | ||
Routing Features | |||
Policy Based Routing | Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections. We introduced or modified the following screens: Configuration > Device Setup > Routing > Route Maps > Policy Based Routing Configuration > Device Setup > Routing > Interface Settings > Interfaces. | ||
Interface Features | |||
VXLAN support | VXLAN support was added, including VXLAN tunnel endpoint (VTEP) support. You can define one VTEP source interface per ASA or security context. We introduced the following screens: Configuration > Device Setup > Interface Settings > Interfaces > Add > VNI Interface Configuration > Device Setup > Interface Settings > VXLAN | ||
Monitoring Features | |||
Memory tracking for the EEM | We have added a new debugging feature to log memory allocations and memory usage, and to respond to memory logging wrap events. We modified the following screen: Configuration > Device Management > Advanced > Embedded Event Manager > Add Event Manager Applet > Add Event Manager Applet Event | ||
Troubleshooting crashes | The show tech-support command output and show crashinfo command output includes the most recent 50 lines of generated syslogs. Note that you must enable the logging buffer command to enable these results to appear. | ||
Remote Access Features | |||
Support for ECDHE-ECDSA ciphers | TLSv1.2 added support for the following ciphers:
We modified the following screen: Configuration > Remote Access VPN > Advanced > SSL Settings. | ||
Clientless SSL VPN session cookie access restriction | You can now prevent a Clientless SSL VPN session cookie from being accessed by a third party through a client-side script such as Javascript.
We introduced the following screen: Configuration > Remote Access VPN > Clientless SSL VPN Access > Advanced > HTTP Cookie. This feature is also in 9.2(3). | ||
Virtual desktop access control using security group tagging | The ASA now supports security group tagging-based policy control for Clientless SSL remote access to internal applications and websites. This feature uses Citrix’s virtual desktop infrastructure (VDI) with XenDesktop as the delivery controller and the ASA’s content transformation engine. See the following Citrix product documentation for more information:
| ||
OWA 2013 feature support has been added for Clientless SSL VPN | Clientless SSL VPN supports the new features in OWA 2013 except for the following:
We did not modify any screens. | ||
Citrix XenDesktop 7.5 and StoreFront 2.5 support has been added for Clientless SSL VPN | Clientless SSL VPN supports the access of XenDesktop 7.5 and StoreFront 2.5. See http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-75-about-whats-new.html for the full list of XenDesktop 7.5 features, and for more details. See http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-about.html for the full list of StoreFront 2.5 features, and for more details. We did not modify any screens. | ||
Periodic certificate authentication | When you enable periodic certificate authentication, the ASA stores certificate chains received from VPN clients and re-authenticates them periodically. We modified the following screens: Configuration > Device Management > Certificate Management > Identity Certificates Configuration > Device Management > Certificate Management > CA Certificates | ||
Certificate expiration alerts | The ASA checks all CA and ID certificates in the trust points for expiration once every 24 hours. If a certificate is nearing expiration, a syslog will be issued as an alert. You can configure the reminder and recurrence intervals. By default, reminders will start at 60 days prior to expiration and recur every 7 days. We modified the following screens: Configuration > Device Management > Certificate Management > Identity Certificates Configuration > Device Management > Certificate Management > CA Certificates | ||
Enforcement of the basic constraints CA flag | Certificates without the CA flag now cannot be installed on the ASA as CA certificates by default. The basic constraints extension identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate. You can configure the ASA to allow installation of these certificates if desired. We modified the following screens: Configuration > Device Management > Certificate Management > CA Certificates | ||
IKEv2 invalid selectors notification configuration | Currently, if the ASA receives an inbound packet on an SA, and the packet’s header fields are not consistent with the selectors for the SA, then the ASA discards the packet. You can now enable or disable sending an IKEv2 notification to the peer. Sending this notification is disabled by default.
| ||
IKEv2 pre-shared key in Hex | You can now configure the IKEv2 pre-shared keys in hex. | ||
Administrative Features | |||
ASDM management authorization | You can now configure management authorization separately for HTTP access vs. Telnet and SSH access. We modified the following screen: Configuration > Device Management > Users/AAA > AAA Access > Authorization | ||
ASDM Username From Certificate Configuration | When you enable ASDM certificate authentication, you can configure how ASDM extracts the username from the certificate; you can also enable pre-filling the username at the login prompt. We introduced the following screen: Configuration > Device Management > Management Access > HTTP Certificate Rule. | ||
terminal interactive command to enable or disable help when you enter ? at the CLI | Normally, when you enter ? at the ASA CLI, you see command help. To be able to enter ? as text within a command (for example, to include a ? as part of a URL), you can disable interactive help using the no terminal interactive command. We introduced the following command: terminal interactive | ||
REST API Features | |||
REST API Version 1.1 | We added support for the REST API Version 1.1. | ||
Support for token-based authentication (in addition to existing basic authentication) | Client can send log-in request to a specific URL; if successful, a token is returned (in response header). Client then uses this token (in a special request header) for sending additional API calls. The token is valid until explicitly invalidated, or the idle/session timeout is reached. | ||
Limited multiple-context support | The REST API agent can now be enabled in multi-context mode; the CLI commands can be issued only in system-context mode (same commands as single-context mode). Pass-through CLI API commands can be used to configure any context, as follows. If the context parameter is not present, it is assumed that the request is directed to the admin context. | ||
Advanced (granular) inspection | Granular inspection of these protocols is supported:
|
Upgrade the Software
This section provides the upgrade path information and a link to complete your upgrade.
Upgrade Path
See the following table for the upgrade path for your version. Some versions require an interim upgrade before you can upgrade to the latest version.
Current ASA Version | First Upgrade to: | Then Upgrade to: |
---|---|---|
8.2(x) and earlier | 8.4(5) | 9.1(3) and later |
8.3(x) | 8.4(5) | 9.1(3) and later |
8.4(1) through 8.4(4) | 8.4(5) or 9.0(4) | 9.1(3) and later |
8.4(5) and later | — | 9.1(3) and later |
8.5(1) | 9.0(4) | 9.1(3) and later |
8.6(1) | 9.0(4) | 9.1(3) and later |
9.0(1) | 9.0(4) | 9.1(3) and later |
9.0(2) or later | — | 9.1(3) and later |
9.1(1) | 9.1(2) | 9.1(3) and later |
9.1(2) or later | — | 9.1(3) and later |
9.2(x) | — | 9.2(2) and later |
9.3(x) | — | 9.3(2) and later |
9.4(x) | — Neverwinter nights 2 video game. Restored Multiplayer: A completely rebuilt multiplayer system makes it easy to find online persistent worlds and game with friends. | 9.4(2) and later |
Upgrade Link
To complete your upgrade, see Upgrade to ASA 9.4 and ASDM 7.4.
Open and Resolved Bugs
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note | You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account. If you do not have a Cisco support contract, you can only look up bugs by ID; you cannot run searches. |
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Open Bugs
Open Bugs in Version 7.4(1)
If you have a Cisco support contract, use the following dynamic search for all open bugs severity 3 and higher for Version 7.4(1):
7.4(1) open bug search.
The following table lists the open bugs at the time of this Release Note publication.
Identifier | Description |
---|---|
Prelogin Policies changes not getting saved |
Open Bugs in Version 7.4(2)
Open Bugs in Version 7.4(1)
If you have a Cisco support contract, use the following dynamic search for all open bugs severity 3 and higher for Version 7.4(1):
7.4(1) open bug search.
The following table lists the open bugs at the time of this Release Note publication.
Identifier | Description |
---|---|
Prelogin Policies changes not getting saved |
Resolved Bugs
Resolved Bugs in Version 7.4(3)
If you have a Cisco support contract, use the following search for all resolved bugs:
7.4(3) fixed bug search.
The following table lists resolved bugs at the time of this Release Note publication.
Identifier | Description |
---|---|
asdm: Issues in loading the home page due to Core Usage output | |
DOC: ASDM: 'DM_INLINE_NETWORK' is default name of object-group |
Resolved Bugs in Version 7.4(2)
If you have a Cisco support contract, use the following search for all resolved bugs:
7.4(2) fixed bug search.
The following table lists resolved bugs at the time of this Release Note publication.
Identifier | Description |
---|---|
ASDM 7.4.X gets stuck in 'software update completed' | |
ASDM: NPE when parsing ssl command | |
ASDM 7.4.1 hangs at 87% while validating running configuration |
Resolved Bugs in Version 7.4(1)
If you have a Cisco support contract, use the following search for all resolved bugs:
7.4(1) fixed bug search.
The following table lists resolved bugs at the time of this Release Note publication.
Asdm Download
Identifier | Description |
---|---|
ASDM persistently polling ASA with CX installed | |
ASDM:Botnet Traffic Filter not working for Real-time-Reports on ASDM 7.3 | |
VXLAN: interface cli is missing while sending nve-only | |
Null pointer Exception thrown in Failover panel | |
ASDM 7.3.2 doesn't display the 'Endpoint Attribute Type: Policy' in DAP | |
ASDM: IPv6 DHCP Relay panel is missing | |
ASDM Identity Certificate Wizard error due to usage-keys | |
ASDM DAP: Need to add Windows 10 to Endpoint OS Attribute list | |
ASDM unable to add subinterfaces for ASA with SFR module | |
ASDM: Unableto display correct NAT Rules using specific object name | |
ASDM goes unresponsive with HPM enabled | |
ASDM polls for FirePOWER module status continuously | |
Syslog server table shows tcp protocol as udp and vice versa | |
ASDM 7.3.2 becomes slow when hpm topN is enabled | |
ASDM 7.3.2 hangs when loading 'All Remote Access' filter | |
Add max TLS session values for 5506, 5508 and 5516 | |
ASDM corrupts ACL which leads to traffic failures | |
ASDM shows error while creating more than 32 named int in Transparent FW | |
Trafic Capture Wizard: ACL created for Ingress doesn't show for Egress | |
Traffic Capture Wizard: changing match criteria resets interface |
End-User License Agreement
For information on the end-user license agreement, go to http://www.cisco.com/go/warranty.
Related Documentation
Download Cisco Asdm 7.1(1)
For additional information on the ASA, see Navigating the Cisco ASA Series Documentation.
Cisco Asdm 7.1 Download Mac
Copyright © 2016, Cisco Systems, Inc. All rights reserved.