04-20-2022 05:03 AM - edited 05-02-2022 03:30 AM
04-20-2022 05:12 AM
@mze unfortunately you cannot enable DTLS 1.2 on those older ASA (5506-X, 5508-X, and 5516-X).
Alternatively, you could run IKEv2/IPSec, which would get you comparable performance to DTLS 1.2, or upgrade the hardware.
04-20-2022 05:14 AM
Thanks Rob for the quick response. Is there Cisco documentation which I can refer to for validation?
04-20-2022 05:19 AM - edited 04-20-2022 05:21 AM
@mze here... https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html
DTLS 1.2, as defined in RFC 6347, is now supported for AnyConnect remote access in addition to the currently supported DTLS 1.0 (1.1 version number is not used for DTLS.) This applies to all ASA models except the 5506-X, 5508-X, and 5516-X; and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS ciphers, and a larger cookie size.