09-13-2022 01:02 AM
Hi Gurus,
I'm a software engineer by trade. I've been assigned the task to verify that our applications are able to work after disabling TLS 1.1 on Windows 10 Enterprise Edition client machines. The customer will be moving on to TLS 1.2.
Some details
AnyConnect client 4.10.01075
Cisco FTD 1120
Cisco FMC for VMWare. Software Version 6.4.0.12 (Build 112)
My understanding on the requirements for DTLS v1.2 support
1. AnyConnect client version 4.7 and above
2. Cisco FMC version 6.6 and above
Will disabling TLS 1.1 on a Windows 10 machine affect our setup? Will it prevent AnyConnect client 4.10.0175 from connecting and establishing the VPN connection?
TIA for any response.
09-13-2022 01:12 AM
@tankenghua you should be ok in just disabling TLS/DTLS 1.0 and 1.1 from the Windows side, assuming you've upgraded the FMC and FTD to version 6.6 or higher (7.0.4 is the current Cisco gold star recommended version). You should consider configuring the FMC/FTD to not only require TLS/DTLS 1.2 but also to use the most secure ciphers, example here.
09-13-2022 01:27 AM
@Rob Ingram Thank you for the prompt response and advice. Much appreciated.
My understanding from a former colleague is that the newer version of FMC is not supported on our ESXi version.
Our FMC is hosted on a legacy ESXi VMWare 5.1.
09-13-2022 01:32 AM
@tankenghua yes, that is accurate; for FMC 6.6 the minimum supported ESX version is 6.0. In short, you would need to upgrade your ESX environment to 6.X in order to use DTLS 1.2, which was released in 6.6.