I recently upgraded our asa 5516-x to firmware 9.10 to get the dtlsv1.2 feature for anyconnect. After upgrading the firmware I noticed the clients were still not connecting using dtlsv1.2 but dtlsv1.0. I also had installed the latest version of anyconnect.
I then went into the asdm tool and went to device manager->advanced->ssl setup and you can see there is a bubble box next to "The minimum ssl version for the security applieance to negotiate as a "Server"." and it was set to DTLSV1 I changed it to 1.2 and it errors out
Considering the release notes of ASA 9.10 seems like this is not supported on some specific hardware:
DTLS 1.2 support for AnyConnect VPN remote access connections.
DTLS 1.2, as defined in RFC- 6347, is now supported for AnyConnect remote access in addition to the currently supported DTLS 1.0 (1.1 version number is not used for DTLS.) This applies to all ASA models except the 5506-X, 5508-X, and 5516-X; and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS cyphers, and a larger cookie size.
ASA Multi-Context virtualizes single hardware and transforms it into multiple small firewalls which can help the enterprise to segment their networks efficiently and manage effectively. Similarly, service providers leverage this to provide firewall servi...
These are few tips that will help you with your first deployment of ISE. For advanced tips, please read Advanced ISE tips to make your deployment easier
Don’t get locked out of the system
During the ISE installation you are asked to enter a ...
This guide helps in troubleshooting the IBM QRadar pxGrid App. It is assumed that the ISE pxGrid App has already been installed in QRadar. The official IBM QRadar pxGrid App How-to Guide can be downloaded from: https://exchange.xforce.ibmcloud.com/...
Join us live on Tuesday, July 16 at 10 am PT to learn how integration and automation are the key to successful security designs. We’ll answer questions about Threat Response and also do a quick demo of our browser plugin and our latest integration wi...