Disabling TLS 1.0 on ASA

Nub65
Level 1

Hello,

Due to security reasons, we were advised to disable TLS 1.0 on ASA.

My concern is what might go wrong after disabling it?

3 Accepted Solutions

Hi,
TLS would be used for management via ASDM and, if enabled, SSL-VPN. You probably want to be running TLS 1.2 as a minimum.

You should ensure you are running ASA version 9.10 or higher and AnyConnect 4.7 or higher, which support TLS/DTLS 1.2.
You should also upgrade or check you are running a version of Java that supports TLS 1.1/1.2, otherwise you would not be able to log in to ASDM.

HTH


Marvin Rhoads
Hall of Fame

I regularly disable TLS 1.1 and earlier versions on ASAs I configure. As long as you are running current ASA and AnyConnect releases (and Java on the client side for ASDM), as @Rob Ingram mentioned, there should be no negative impact.


We recently upgraded to TLS 1.2, and we are currently on AnyConnect 4.4

@Nub65 As is, you won't face any issue, unless the clients (connecting to VPN) do not support the TLS version you are configuring.
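
Added example (not from the thread participants or from Cisco): one way to see what would break before raising the minimum version is to list the clients that still complete handshakes below it. The script assumes ASA syslog message 725002 records the negotiated version in the form shown in the constructed sample lines; the function names and sample addresses are hypothetical.

```python
import re
from collections import defaultdict

# Assumed shape of ASA syslog 725002 ("handshake completed"); confirm it
# against the syslog reference for your ASA release before relying on it.
HANDSHAKE = re.compile(
    r"%ASA-6-725002: Device completed SSL handshake with client "
    r"(?P<ifc>[^:\s]+):(?P<ip>\S+)/(?P<port>\d+) to \S+ "
    r"for (?P<proto>D?TLS)v(?P<ver>\d+(?:\.\d+)?) session"
)

def parse_version(text):
    """Turn '1' into (1, 0) and '1.2' into (1, 2) so versions compare as tuples."""
    major, _, minor = text.partition(".")
    return int(major), int(minor or 0)

def clients_below(lines, minimum=(1, 2)):
    """Map client IP -> sorted protocol versions it negotiated below `minimum`."""
    found = defaultdict(set)
    for line in lines:
        m = HANDSHAKE.search(line)
        if m and parse_version(m["ver"]) < minimum:
            found[m["ip"]].add(f"{m['proto']}v{m['ver']}")
    return {ip: sorted(versions) for ip, versions in sorted(found.items())}

# Constructed sample lines using documentation addresses, not real logs.
PREFIX = "%ASA-6-725002: Device completed SSL handshake with client "
SAMPLE = [
    PREFIX + "outside:203.0.113.7/51234 to 198.51.100.1/443 for TLSv1 session",
    PREFIX + "outside:203.0.113.20/40000 to 198.51.100.1/443 for TLSv1.2 session",
    PREFIX + "inside:192.0.2.15/49152 to 192.0.2.1/443 for TLSv1.1 session",
    PREFIX + "outside:203.0.113.44/50123 to 198.51.100.1/443 for DTLSv1 session",
    # A different message ID (handshake start) must be ignored.
    "%ASA-6-725001: Starting SSL handshake with client "
    "outside:203.0.113.7/51234 to 198.51.100.1/443 for TLS session",
]

if __name__ == "__main__":
    # Clients listed here completed a handshake below TLS/DTLS 1.2 and are
    # the ones to upgrade or investigate before the minimum is raised.
    for ip, versions in clients_below(SAMPLE).items():
        print(f"{ip} still negotiates {', '.join(versions)}")
```

Because the server picks the highest version both sides offer, a client seen only at TLS 1.0 or 1.1 on an ASA that already supports TLS 1.2 is one that will fail to connect once the older versions are disabled.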
