I’m going here to show some of the new features that comes with!
Some are good… and others not ^^

Let’s start with the bad news

Memory Upgrade

To upgrade your ASA with 8.3 release, you will need to upgrade your hardware.
Memory requirement is more than the double default memory. 512 Mb for a 5505, 1GB for 5510 …

You will still be able to install the new release, but you’ll get some error message in CLI and in ASDM. The full features set will be not supported until you’ll get some memory.

Licencing Features

With the ASA ( and IOS 15.0 ) comes the new licensing feature. Time-based licences are required
now to unblock features.

The good news is that time-based licenses are stackable.
let’s say you purchased a licence for 1 one year, you won’t have to wait the last day to renew your licence. The count will be just incremented using your new licence.

You can also use multiples licenses at the same time and if you do not require a feature anymore, you can deactivate it and reactivate later.

Master Passphrase

The Master Passphrase is not new for IOS. This feature is the same as the IOS command service password-encryption. But instead of type 7, you will
get with ASA an encryption using AES.

Monitoring

High Performance Monitoring for ASDM is the ability to check the inside hosts connections ( who and how much )

to set it up :

ciscoasa(config)#hpm topn enable

Firewall features

New interface is coming! the global one! You can configure access-list and others things in a global way, not only in an interface-specific way

NAT can be configured directly in the network object

And to finish, the NAT configuration is… quite simple as how we did earlier!

Others new features here:

http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

I assume that you already are connected to the ASA with the console port.

Restart the ASA (manually you can switch ON/OFF).

Then, when prompted press ESCAPE to enter ROMMON mode.


We want to bypass the startup-config on the next restart of the ASA, so we will change the value of the configuration register.

We need to use the confreg command. By using this command, we enter in a wizzard which will ask us some questions.



We answer yes at the first question, we want to change the value. (At this point you should store the configuration register value).

We will use the default values for all settings, except for “disable system configuration?” which is the option that will permit to bypass the startup-config. So we answer y.

rommon #0> confreg

Current Configuration Register: 0x00000001
Configuration Summary:
  boot default image from Flash

Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]:
enable Flash boot? y/n [n]:
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: y
go to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:

Current Configuration Register: 0x00000040
Configuration Summary:
  boot ROMMON
  ignore system configuration

Update Config Register (0x40) in NVRAM...

rommon #1> boot

We can now reload the ASA with the boot command.

Once the ASA has been reloaded, we can enter privileged mode without any password (the startup-config has been bypassed).

ciscoasa> en
Password: [enter]
ciscoasa#

Now we load the startup-config in the running-config

ciscoasa# copy startup-config running-config

Destination filename [running-config]?

Cryptochecksum (unchanged): ab580f48 aeed7459 2da4751b b0061ac3

1726 bytes copied in 0.50 secs
MadRouterASA#

We enter global configuration mode and change the password.

MadRouterASA# conf t
MadRouterASA(config)# enable password Cisco

We change back the configuration register value.

MadRouterASA(config)# config-register 0x00000001

Now You can save your running-config.

MadRouterASA# copy running-config startup-config

That’s it.. !