Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9409
Views
0
Helpful
3
Replies

Cisco ASA TLS update to 1.2

borman.bravo
Level 1
Level 1

‎05-20-2020 07:27 AM

Hello everyone, I was planning on migrating my ASA 9.8 to TLS 1.2, the process itself seems pretty simple but was wondering if anyone had any experiences with this, I understand AnyConnect and ASDM services will be affected by this, any recommendations are welcome.

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎05-20-2020 07:41 AM

Hi,

Do you mean DTLS 1.2? ASA AnyConnect SSLVPNs primarily use DTLS as you get better performance with DTLS, TLS would only usually be used as fall back if DTLS (UDP/443) was blocked. DTLS 1.2 was first introduced with ASA 9.10, 9.12.3 is the current recommended version. You'll will also need to at least use AnyConnect 4.7 to use DTLS 1.2.

 

Client computers should not have an issue running TLS 1.2. When using ASDM with TLS 1.2 then you may need to upgrade the Java version to ensure support.

 

Refer to this page for best practice and performance for ASA.

https://community.cisco.com/t5/security-documents/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579#toc-hId-2147167307

 

HTH

0 Helpful

borman.bravo
Level 1
Level 1
In response to Rob Ingram

‎05-20-2020 07:54 AM

Thanks! I meant TLS 1.2 on the ASA, not DTLS at the moment:

 

#ssl server-version tlsv1.2

#ssl client-version tlsv1.2

0 Helpful

Rob Ingram
VIP
VIP
In response to borman.bravo

‎05-20-2020 08:07 AM

Ok, if you are using up to date Operating Systems such as Windows 10, they will natively support TLS 1.2, so no issues there.
As mentioned, if using ASDM you might need to upgrade java.
0 Helpful
Customers Also Viewed These Support Documents