Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
0
Helpful
1
Replies

AnyConnect on ASA: DTLS Sessions established despite it being disabled in Group-Policy

Max-Morten Conrad
Level 1
Level 1

‎02-03-2021 03:46 AM

Hi guys,

 

a strange issue I am observing right now on an ASA5515-X with ASA-OS 9.8(4)29:

 

- DTLS is disabled in group-policy via 'group-policy POLICYNAME attributes; webvpn; anyconnect ssl dtls none'

- despite this some users (that have said group-policy applied via LDAP map) show up in 'show vpn-sessiondb' as having DTLS tunnels established with TX/RX values going up

 

Can DTLS be disabled in other ways?

 

Thanks in advance and best regards

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎02-03-2021 03:56 AM

Hi @Max-Morten Conrad 

You can disable DTLS globally:-

 

webvpn svc dtls none

 Why do you need to disable DTLS? You get better performance with DTLS than TLS.

0 Helpful
Customers Also Viewed These Support Documents