Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
0
Helpful
3
Replies

ASA error

Go to solution
mze
Level 1
Level 1

‎04-20-2022 05:03 AM - edited ‎05-02-2022 03:30 AM

 

When attempting to enable  DTLSv1.2 getting below error

 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Rob Ingram

‎04-20-2022 05:19 AM - edited ‎04-20-2022 05:21 AM

@mze here...https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html

 

DTLS 1.2, as defined in RFC- 6347, is now supported for AnyConnect remote access in addition to the currently supported DTLS 1.0 (1.1 version number is not used for DTLS.) This applies to all ASA models except the 5506-X, 5508-X, and 5516-X; and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS cyphers, and a larger cookie size.

 

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎04-20-2022 05:12 AM

@mze unfortunately you cannot enable DTLS 1.2 on those older ASA (5506-X, 5508-X, and 5516-X).

Alternatively you could run IKEv2/IPSec which would get you comparable performance to DTLS1.2 or upgrade the hardware.

0 Helpful

Go to solution
mze
Level 1
Level 1
In response to Rob Ingram

‎04-20-2022 05:14 AM

thanks Rob for quick response is there cisco docuemntation which i can refer for validation 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Rob Ingram

‎04-20-2022 05:19 AM - edited ‎04-20-2022 05:21 AM

@mze here...https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html

 

DTLS 1.2, as defined in RFC- 6347, is now supported for AnyConnect remote access in addition to the currently supported DTLS 1.0 (1.1 version number is not used for DTLS.) This applies to all ASA models except the 5506-X, 5508-X, and 5516-X; and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS cyphers, and a larger cookie size.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card