User guide
13
Release Notes for Cisco Router and Security Device Manager 2.5
OL-5009-20
New and Changed Information
–
For more information on QoS policing, refer to
http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
–
For more information on QoS queuing, refer to
http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
–
For more information on QoS shaping, refer to
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008
022136e.html
• Easy VPN Enhancements— Cisco SDM supports the following Easy VPN enhancements:
Per-user Authentication, Authorization and Accounting (AAA) policy download with Public
Key Infrastructure (PKI). For more information on per-user AAA policy download with PKI,
refer to the following link:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0
080455b6a.html
–
Password aging—The Easy VPN server configured on the router can notify a user that their
passwords is expiring and prompt them to change it.
–
Split DNS—Split DNS enables Cisco routers to answer DNS queries using the internal
hostname cache specified by a selected virtual DNS name server.
–
Cisco Tunneling Control Protocol (cTCP)—cTCP is a protocol that encapsulates Encapsulating
Security Payload (ESP) and Internet Key Exchange (IKE) traffic in the TCP header, so that
firewalls in between the client and the server or headend device permit this traffic, considering
it as TCP traffic.
For more information on password aging, split DNS, and cTCP, refer to the following link:
http://www.cisco.com/en/US/products/ps6441/prod_bulletin09186a00804a84ad.html
–
Identical Addressing Support—Identical Addressing provides the ability to reach devices
having identical IP addresses over an EasyVPN connection through the use of Network Address
Translation.
For more information about Identical Addressing Support, refer to
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008
01541d5.html#wp1335885
–
Syslog Message Enhancements—Easy VPN syslog messages can be globally enabled on the
Easy VPN server. Syslog messages can be enabled for all Easy VPN client connections or for
client connections belonging to specific groups.
• Zone-Based Policy Firewall (ZPF) Voice Protocol Support—Cisco SDM supports theSession
Initiation Protocol (SIP), H.323 protocol, and Skinny Client Control Protocol (SCCP) protocol.
• ZPF user interface enhancements.
• Wireless Application Enhancements—Cisco SDM supports the following enhancements:
–
Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (AES-CCMP)
–
IEEE 802.1x Local Authentication Service for Extensible Authentication Protocol-Flexible
Authentication via Secure Tunneling (EAP-FAST).
–
Service Set Identifier (SSID) Globalization
–
Multiple Basic Service Set IDs (BSSID).
–
Wireless Root, Non-Root Bridge & Universal Client Mode
–
Multiple Encrypted VLANs