
Anyconnect 4.9 on ASA 5516-X

Phil Bradley
Level 4

Is AnyConnect 4.9 supported on an ASA-5516x? According to the release notes it states:

ASA Requirements for AnyConnect

Minimum ASA/ASDM Release Requirements for Specified Features

  • You must upgrade to ASA 9.10.1 (or later) and ASDM 7.10.1 (or later) to use DTLSv1.2.

    Note

    DTLSv1.2 is supported on all ASA models except the 5506-X, 5508-X, and 5516-X and applies when the ASA is acting as a server only, not a client. DTLS 1.2 supports additional ciphers, as well as all current TLS/DTLS ciphers and a larger cookie size.


Does AnyConnect 4.9 require DTLS 1.2? My main concern is CVEs that have been published and if these are not fixed in 4.8 will this require an ASA hardware upgrade?

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW

Accepted Solutions

Hi @Phil Bradley 

No, AnyConnect 4.9 doesn't require DTLS 1.2, you just get the best performance if you did use DTLS 1.2 over previous DTLS versions or just TLS.

Hi @Rob Ingram 

Ok, thanks. It will not allow me to connect to the ASA with 4.9 but I assume this is due to the proper DF groups not being enabled?

Do you mean DH (Diffie-Hellman) groups? Provide your configuration and the output of "show ssl".

@Rob Ingram. Sorry, I meant DH groups; typo. That was the issue. Once I enabled the supported DH groups it connected. I was a bit confused on the article above stating that DTLS 1.2 was required. I guess that is for additional features, or as @balaji.bandi mentioned, this is for business compliance requirements.

balaji.bandi
Hall of Fame

It is your business requirement, can the business require DTLS? - there is no must with 4.9


BB
