https://community.cisco.com/t5/network-security/asa-error/m-p/4596069#M1089350 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/425791">@mze</a> unfortunately you cannot enable DTLS 1.2 on those older ASA (5506-X, 5508-X, and 5516-X).</P> <P>Alternatively you could run IKEv2/IPSec which would get you comparable performance to DTLS1.2 or upgrade the hardware.</P> Wed, 20 Apr 2022 12:12:17 GMT Rob Ingram 2022-04-20T12:12:17Z https://community.cisco.com/t5/network-security/asa-error/m-p/4596063#M1089349 <P>&nbsp;</P><P>When attempting to enable &nbsp;DTLSv1.2 getting below error</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 02 May 2022 10:30:08 GMT https://community.cisco.com/t5/network-security/asa-error/m-p/4596063#M1089349 mze 2022-05-02T10:30:08Z https://community.cisco.com/t5/network-security/asa-error/m-p/4596069#M1089350 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/425791">@mze</a> unfortunately you cannot enable DTLS 1.2 on those older ASA (5506-X, 5508-X, and 5516-X).</P> <P>Alternatively you could run IKEv2/IPSec which would get you comparable performance to DTLS1.2 or upgrade the hardware.</P> Wed, 20 Apr 2022 12:12:17 GMT https://community.cisco.com/t5/network-security/asa-error/m-p/4596069#M1089350 Rob Ingram 2022-04-20T12:12:17Z https://community.cisco.com/t5/network-security/asa-error/m-p/4596071#M1089351 <P>thanks Rob for quick response is there cisco docuemntation which i can refer for validation&nbsp;</P> Wed, 20 Apr 2022 12:14:20 GMT https://community.cisco.com/t5/network-security/asa-error/m-p/4596071#M1089351 mze 2022-04-20T12:14:20Z https://community.cisco.com/t5/network-security/asa-error/m-p/4596075#M1089352 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/425791">@mze</a> here...<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389" target="_blank" rel="noopener">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389</A></P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html</A></P> <P>&nbsp;</P> <P class="p">DTLS 1.2, as defined in RFC- 6347, is now supported for AnyConnect remote access in addition to the currently supported DTLS 1.0 (1.1 version number is not used for DTLS.) <STRONG>This applies to all ASA models except the 5506-X, 5508-X, and 5516-X</STRONG>; and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS cyphers, and a larger cookie size.</P> <P class="p">&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 20 Apr 2022 12:21:52 GMT https://community.cisco.com/t5/network-security/asa-error/m-p/4596075#M1089352 Rob Ingram 2022-04-20T12:21:52Z