Release Notes for the Cisco ASA Device Package Software, Version 1.2(7) for ACI
Available Languages
Table of Contents
Release Notes for the Cisco ASA Device Package Software, Version 1.2(7) for ACI
New Features in Version 1.2(7.8)
Running APIC 1.2(x) with ASA 9.3(1)
Manually Re-Sync the APIC if You Changed the Version of ASA After It Was Registered with the APIC
Resolved Caveat in the Cisco ASA Device Package, Version 1.2(7.10)
Resolved Caveats in the Cisco ASA Device Package, Version 1.2(7.8)
Resolved Enhancement Requests in the Cisco ASA Device Package, Version 1.2(7.8)
Open Caveats in the Cisco ASA Device Package, Version 1.2(7.10)
Release Notes for the Cisco ASA Device Package Software, Version 1.2(7) for ACI
This document contains release information for the Cisco ASA Device Package software, Version 1.2(7) for ACI, and includes the following sections:
- Available APIC Products
- Supported Versions
- New Features in Version 1.2(7.8)
- Important Notes
- Running APIC 1.2(x) with ASA 9.3(1)
- Policy Manager Locks Up when the Configuration for BGP Peering for the Service Appliance is Incomplete
- Manually Re-Sync the APIC if You Changed the Version of ASA After It Was Registered with the APIC
- Download the Software
- Install the Software
- Bug Search
- Resolved Caveat in the Cisco ASA Device Package, Version 1.2(7.10)
- Resolved Caveats in the Cisco ASA Device Package, Version 1.2(7.8)
- Resolved Enhancement Requests in the Cisco ASA Device Package, Version 1.2(7.8)
- Open Caveats in the Cisco ASA Device Package, Version 1.2(7.10)
- Related Documentation
- Additional Information
Available APIC Products
Starting with release 1.2(7.8), there are two versions of the Cisco ASA Device Package software for ACI:
- Cisco ASA Device Package software for ACI - Same as the original version that was available with version 1.2(6) and earlier. This version allows you to configure many important features of ASA from the APIC, including, but not limited to, the following:
Supported Versions
Cisco ASA Device Package software supports only the version of APIC that it is shipped with.
The following table lists the supported versions of the Cisco ASA software for each of the supported platforms:
See the “ASA and ASDM Compatibility” section of the Cisco ASA Compatibility Matrix. |
New Features in Version 1.2(7.8)
This software release includes support for the following:
- Starting with release 1.2(7.8), two versions of the Cisco ASA Device Package software for ACI are available. For more information about both versions, see the “Available APIC Products” section.
- Support for sub-interfaces for Adaptive Security Virtual Appliances (ASAv). For more information about how to use the command, see the Cisco ASA Series General Operations CLI Configuration Guide or the Cisco ASA Series General Operations ASDM Configuration Guide.
Running APIC 1.2(x) with ASA 9.3(1)
If you are running APIC 1.2(x) with ASA 9.3(1), which has a default SSL configuration, you will see the following error:
The workaround is to have ssl encryption aes128-sha1 configured on the ASA, or to upgrade the ASA to version 9.3(2) or later.
Policy Manager Locks Up when the Configuration for BGP Peering for the Service Appliance is Incomplete
Use this workaround for caveat CSCuw0342:
Symptom The Policy Manager crashes when the l3Out that is used for BGP peering for the service appliance has an incomplete configuration (CSCuw03425).
Conditions The l3Out used for BGP peering for the service appliance is missing l3extRsNodeL3OutAtt.
Workaround Make sure that the l3Out contains l3extRsNodeL3OutAtt. This problem will be fixed in a subsequent release.
The following shows the BGP XML example with l3extRsNodeL3OutAtt:
Manually Re-Sync the APIC if You Changed the Version of ASA After It Was Registered with the APIC
Use this workaround for caveat CSCva89163:
Symptom Some commands do not work. For example, the information for the network and neighbor commands is not displayed (CSCva89163).
Conditions If you are using a version of the ASA that is different from the version that is registered with APIC, it does not automatically re-register with the APIC. Therefore, if you are using an older version of ASA, some commands may not be supported.
Workaround Manually re-sync the APIC with the ASA by completing the following procedure:
Step 1
On the Tenants tab of the APIC GUI, expand L4-L7 Services in the left pane.
Step 3 Expand the firewall that is running APIC.
Step 4 Right-click the device that is running APIC, and select Re-Query for Device Validation.
Download the Software
If you have a Cisco.com login, you can obtain the Cisco ASA Device Package software image from:
https://software.cisco.com/download/release.html?mdfid=283123066&flowid=22661&softwareid=286279676
Install the Software
To upgrade from an older to a newer version, you do not need to remove the previous software package if your APIC release has the fix for CSCuv4353. Otherwise, remove the older version from the APIC before installing the newer version.
For instructions on how to install the Cisco ASA Device Package software, see Cisco ASA Quick Start Guide for APIC Integration, Version 1.2.x.
Bug Search
If you are a registered Cisco.com user, view more information about each caveat using the Bug Search tool at:
Resolved Caveat in the Cisco ASA Device Package, Version 1.2(7.10)
The following table lists the caveat resolved in the Cisco ASA Device Package, Version 1.2(7.10):
Resolved Caveats in the Cisco ASA Device Package, Version 1.2(7.8)
The following table lists the caveats resolved in the Cisco ASA Device Package, Version 1.2(7.8):
Resolved Enhancement Requests in the Cisco ASA Device Package, Version 1.2(7.8)
The following table lists the enhancement requests resolved in the Cisco ASA Device Package, Version 1.2(7.8):
Open Caveats in the Cisco ASA Device Package, Version 1.2(7.10)
The following table lists the open caveats (severity 1 to 3) in the Cisco ASA Device Package, Version 1.2(7.10):
Related Documentation
For additional information about the Cisco ASA, see Navigating the Cisco ASA Series Documentation.
For additional information about the Cisco APIC, see the APIC Documentation website and the Cisco Application Centric Infrastructure Security Solution website.
Additional Information
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)