Hi Vinod,
Datagram Transport Layer Security (DTLS) avoids latency and bandwidth problems associated with some SSL-only connections, including AnyConnect connections, and improves the performance of real-time applications that are sensitive to packet delays. DTLS allows the AnyConnect client that establishes an SSL VPN connection to use two simultaneous tunnels, an SSL tunnel and a DTLS tunnel.
If you use DTLS, it avoids latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delays. DTLS is a standards-based SSL protocol that provides a low-latency data path that uses UDP. DTLS can be enabled with the svc dtls enable command, as shown:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc dtls enable
Also, if you disable compression and df-bit-ignore, latency and bandwidth problems are reduced. df-bit-ignore can be enabled and compression can be disabled as shown here:
hostname(config)# group-policy attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc df-bit-ignore enable
hostname(config-group-webvpn)# svc routing-filtering-ignore enable
hostname(config-group-webvpn)# svc mtu 1200
hostname(config-group-webvpn)# svc compression none
Also, modifying the outside ACLs on the ASA to allow UDP port 443 will resolve the latency issue.
Hope this helps,
Sian
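
Added example, not part of the post above and not Cisco code: a Python check that reads a saved ASA configuration excerpt and reports each group policy whose webvpn settings differ from the values in the commands shown in the post. The sample config, the policy name contractors, and the indented layout of the saved config are assumptions constructed for illustration.

```python
import re

RECOMMENDED = {  # values taken from the commands shown in the post
    "svc dtls": "enable",
    "svc df-bit-ignore": "enable",
    "svc routing-filtering-ignore": "enable",
    "svc mtu": "1200",
    "svc compression": "none",
}

# Constructed sample; assumes sub-mode lines are indented as in a saved config.
SAMPLE_CONFIG = """\
group-policy sales attributes
 webvpn
  svc dtls enable
  svc df-bit-ignore enable
  svc routing-filtering-ignore enable
  svc mtu 1200
  svc compression none
group-policy contractors attributes
 webvpn
  svc mtu 1406
  svc compression deflate
"""

def parse_group_policies(text):
    """Return {policy: {"svc <keyword>": value}} from each webvpn sub-block."""
    policies, current, in_webvpn = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^group-policy (\S+) attributes$", raw)
        if header:
            current, in_webvpn = header.group(1), False
            policies.setdefault(current, {})
        elif not raw.startswith(" "):
            current, in_webvpn = None, False  # left the group-policy block
        elif current and line == "webvpn":
            in_webvpn = True
        elif current and in_webvpn and line.startswith("svc "):
            keyword, value = line.rsplit(" ", 1)  # "svc mtu 1200" -> ("svc mtu", "1200")
            policies[current][keyword] = value
    return policies

def audit(text):
    """Return {policy: [(setting, found, wanted)]}; found is None if the line is absent."""
    report = {}
    for name, got in parse_group_policies(text).items():
        gaps = [(k, got.get(k), v) for k, v in RECOMMENDED.items() if got.get(k) != v]
        if gaps:
            report[name] = gaps
    return report
```

A setting reported as None is only missing from the excerpt; the value in effect may come from a default or an inherited policy, so confirm it on the device.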