Hey guys,

I have ASA5525, FPR2110, and old 5515. On all of them, the SSL setting is:

ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default fips
ssl cipher tlsv1 fips
ssl cipher tlsv1.1 fips
ssl cipher tlsv1.2 fips
ssl cipher dtlsv1 fips
ssl dh-group group5
ssl trust-point SSL_55ty
ssl trust-point Trev Outside
ssl trust-point Trev Outside vpnlb-ip

And SSL output:

Accept connections using SSLv3 or greater and negotiate to TLSv1.2 or greater
Start connections using TLSv1.2 and negotiate to TLSv1.2 or greater
SSL DH Group: group5 (1536-bit modulus)
SSL ECDH Group: group19 (256-bit EC)

SSL trust-points:
Self-signed (RSA 2048 bits RSA-SHA256) certificate available
Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
Default: SSL_SPdata (RSA 2048 bits RSA-SHA256)
Interface Outside: Trev (RSA 2048 bits RSA-SHA384)
VPNLB interface Outside: Trev (RSA 2048 bits RSA-SHA384)
Certificate authentication is not enabled

When I connect with my anyconnect to 5515 the connection is DTLSv1.2:

But on FPR2110 and 5525 I get DTLSv1.0:

Why 2110 and 5525 do not force the client to DTLSv1.2?

Thanks