
DTLS 1.2 & 5506

honza.sotek
Level 1

Why is it not supported on the 5506? After removing FirePower, it now has a lot of CPU & RAM resources.


That is a question to ask your local Cisco SE. And it's probably not related to ASA resources, more likely is that it's not deemed important enough at Cisco (sadly, I also hope for DTLS 1.2).

I just see that the newly released ASA version 9.10 now supports DTLS 1.2, but not on the 5506. Did you refer to that and not the general availability? Perhaps it's really caused by limited resources when some CPU/RAM is permanently reserved for a security-module. But I hope that Cisco will later also implement it for the 5506.

3 cores were reserved for Firepower, and now that it is gone, the argument about limited resources is absurd.

Well, I assume that this is a discussion that should better be done with someone from ASA product management.

Do you know somebody? Or can you open a TAC case with the question?

Opened an official enhancement request:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389

 

Suggest to apply to it, maybe Cisco will change their mind... 

Thanks!!!!

HTS_LLC
Level 1

We have the 5516. I have absolutely no doubt that we have no risk of overwhelming system resources. We really do want DTLS v.1.2 enabled on Kenton platforms, and I don't understand why this feature isn't available. If it's in development as a lower-priority feature until later in the year, I can understand it, just so long as we get it.

blocke01
Level 1

Another reason I deeply regret buying ASA hardware (5516X) as VPN termination. What a terrible platform.

 

Anonymous
Level 1
ASA 9.14 still doesn't support DTLS 1.2 on the 5506/5508/5516.

I'm starting to worry that they may never support DTLSv1.2 for the 5516. If they permanently sacrificed that functionality for the Firepower module that we don't get use from, it's going to give us serious pause in considering their small business products, going forward. That's not a satisfactory end result.

I recently heard that it is a limitation of the used hardware for this missing feature and that the 5506/5508/5516 will never be able to do DTLS 1.2.

Kind of sad as I also have a couple of these devices in the field.

As do we. Part of the selling point of deploying this hardware was the implied future support for DTLSv1.2. That would have been of much more use than Firepower. If it was never Cisco's intention to support it, they should have been upfront about that, rather than hiding behind the argument that the spec "wasn't finalized yet." We've deployed this hoping for the feature set to become available, and it's looking like it never will be.