PDF(163.0 KB) View with Adobe Reader on a variety of devices
Updated:July 6, 2016
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco ASA Device Package Software supports only the version of APIC that it is shipped with.
New Features in 1.2(6)
This release includes support for the following:
A new command is now available which enables you to add remarks or comments about entries in any access list, including extended, EtherType, IPv6, standard, and Webtype access lists. This command is used in the same way as the access-list list_name remark text command is used for the ASA. For more information about how to use the command, see the Cisco ASA 5500 Series Command Reference.
In addition to being able to perform application-inspections on service connectors, you can now perform global application-inspections with the policy-map command. This command is used in the same way as the factory default global policy configuration on the ASA. For more information, see the Cisco Security Appliance Command Line Configuration Guide.
A new command is now available which enables you to either:
– Allow communication between interfaces with equal security levels (inter-interface)
– Allow traffic to enter and exit the same interface (intra-interface)
This command is used in the same way as the same-security-traffic command is used for the ASA. For more information about how to use the command, see the Cisco ASA 5500 Series Command Reference.
A new command is now available which enables you to define the period of time which can be used in a AccessControlEntry to specify when it is active. This command is used in the same way as the time-range command is used for the ASA. For more information about how to use the command, see the Cisco ASA 5500 Series Command Reference.
Important Notes
Pay attention to the following important notes:
The ASAv does not support multiple context mode.
ACE with dynamic EPG requires ASA image 9.3.2 or later.
APIC 1.2(x) and ASA 9.3(1)
If you are running APIC 1.2(x) with ASA 9.3(1), which has a default SSL configuration, you will see the following error:
To upgrade, you do not need to remove the previous package if your APIC release has the fix for CSCuv4353. Otherwise, to upgrade from an older version to a newer, you need to remove the old version from APIC first, then install the new version.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.