Hello everyone, I was planning on migrating my ASA 9.8 to TLS 1.2. The process itself seems pretty simple, but I was wondering if anyone had any experience with this. I understand AnyConnect and ASDM services will be affected by this; any recommendations are welcome.
Do you mean DTLS 1.2? ASA AnyConnect SSL VPNs primarily use DTLS, as you get better performance with DTLS. TLS would usually only be used as a fallback if DTLS (UDP/443) was blocked. DTLS 1.2 was first introduced with ASA 9.10; 9.12.3 is the current recommended version. You'll also need to use at least AnyConnect 4.7 to use DTLS 1.2.
Client computers should not have an issue running TLS 1.2. When using ASDM with TLS 1.2, you may need to upgrade the Java version to ensure support.
Refer to this page for best practice and performance for ASA.