Re: DTLS 1.2 & 5506

honza.sotek · ‎10-26-2018

Why is not supported 5506? After removed FirePower has got lot of CPU & RAM resources, now.

Karsten Iwen · ‎10-28-2018

That is a question to ask your local Cisco SE. And it's probably not related to ASA resources, more likely is that it's not deemed important enough at Cisco (sadly, I also hope for DTLS 1.2).

Karsten Iwen · ‎10-30-2018

I just see that the newly released ASA version 9.10 nor supports DTLS 1.2, but not on the 5506. Did you refer to that and not the general availability? Perhaps it's really caused by limited resources when some CPU/RAM is permanently reserved for a security-module. But I hope that Cisco will later also implement it for the 5506.

honza.sotek · ‎10-30-2018

For Firepower was reserved 3 core and now when is gone argument with limited resources is absurdly.

Karsten Iwen · ‎10-30-2018

Well, I assume that this is a discussion that should better be done with someone from ASA product management.

honza.sotek · ‎10-31-2018

Do you know somebody? Or can you open TAC with question?

a.friedl · ‎12-16-2018

Opened an official enhancement request:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389

Suggest to apply to it, maybe Cisco will change their mind...

honza.sotek · ‎12-17-2018

Thanks!!!!

HTS_LLC · ‎02-06-2019

We have the 5516. I have absolutely no doubt that we have no risk of overwhelming system resources. We really do want DTLS v.1.2 enabled on Kenton platforms, and I don't understand why this feature isn't available. If it's in development as a lower-priority feature until later in the year, I can understand it, just so long as we get it.

blocke01 · ‎06-24-2019

Another reason I deeply regret buying ASA hardware (5516X) as VPN termination. What a terrible platform.

Anonymous · ‎04-07-2020

ASA 9.14 still doesn't support DTLS 1.2 on the 5506/5508/5516.

HTS_LLC · ‎04-27-2020

I'm starting to worry that they may never support DTLSv1.2 for the 5516. If they permanently sacrificed that functionality for the Firepower module that we don't get use from, it's going to give us serious pause in considering their small business products, going forward. That's not a satisfactory end result.

Karsten Iwen · ‎04-27-2020

I recently heard that it is a limitation of the used hardware for this missing feature and that the 5506/5508/5516 will never be able to do DTLS 1.2.

Kind of sad as I also have a couple of these devices in the field.

HTS_LLC · ‎04-27-2020

As do we. Part of the selling point of deploying this hardware was the implied future support for DTLSv1.2. That would have been of much more use than Firepower. If it was never Cisco's intention to support it, they should have been upfront about that, rather than hiding behind the argument that the spec "wasn't finalized yet." We've deployed this hoping for the feature set to become available, and it's looking like it never will be.