Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Administration guide

Chapter 5
Configuring AnyConnect Features Using ASDM
If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only
with an SSL VPN tunnel. To enable DTLS, use the Datagram TLS setting in either Group Policy or
Username. The paths to this setting are:
Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client
Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client
Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client
Figure 5-2 shows an example of configuring the DTLS setting for an internal group policy.

Figure 5-2 Enabling or Disabling DTLS

Note
When using the AnyConnect client with DTLS on the security appliance, Dead Peer Detection (DPD) must be
enabled in the group policy on the security appliance to allow the AnyConnect client to fall back to TLS,
if necessary. Fallback to TLS occurs if the AnyConnect client cannot send data over the UDP/DTLS
session, and the DPD mechanism is necessary for fallback to occur.

OL-12950-012
Cisco AnyConnect VPN Client Administrator Guide
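An added example, not part of the Cisco guide: a Python check that reads an ASA running configuration and reports group policies where DTLS is enabled but Dead Peer Detection is not, the condition the Note above describes. It assumes the ASA 8.x CLI keywords `svc dtls enable` and `svc dpd-interval` (later releases: `anyconnect ssl dtls enable` and `anyconnect dpd-interval`), evaluates only explicit settings without resolving inheritance from a default policy, and runs on a constructed sample configuration.

```python
import re

# Constructed sample running-config fragment (not taken from the guide).
# Assumption: group-policy webvpn mode uses "svc ..." (ASA 8.x) or
# "anyconnect ..." (later releases) for the DTLS and DPD settings.
SAMPLE_CONFIG = """\
group-policy SALES attributes
 webvpn
  svc dtls enable
  svc dpd-interval client 30
  svc dpd-interval gateway 30
group-policy ENG attributes
 webvpn
  svc dtls enable
  svc dpd-interval client none
group-policy OPS attributes
 webvpn
  anyconnect ssl dtls enable
group-policy LEGACY attributes
 webvpn
  no svc dtls enable
"""

POLICY = re.compile(r"^group-policy (\S+) attributes\s*$")
DTLS = re.compile(r"^\s+(no )?(?:svc|anyconnect ssl) dtls enable\s*$")
DPD = re.compile(r"^\s+(?:svc|anyconnect) dpd-interval (client|gateway) (\S+)\s*$")

def audit_dtls_fallback(config):
    """Map each DTLS-enabled group policy to 'ok', 'dpd-disabled' or 'dpd-unset'."""
    policies, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level line closes the policy block
            m = POLICY.match(line)
            current = m.group(1) if m else None
        elif current:
            p = policies.setdefault(current, {"dtls": False, "dpd": {}})
            if (m := DTLS.match(line)):
                p["dtls"] = m.group(1) is None     # a leading "no" disables DTLS
            elif (m := DPD.match(line)):
                p["dpd"][m.group(1)] = m.group(2)  # seconds, or "none"
    report = {}
    for name, p in policies.items():
        values = [p["dpd"].get(side) for side in ("client", "gateway")]
        if p["dtls"]:                     # TLS-only policies need no fallback path
            report[name] = ("dpd-disabled" if "none" in values
                            else "dpd-unset" if None in values else "ok")
    return report
```

A `dpd-unset` result means the policy carries no explicit DPD interval, so the effective value has to be confirmed in the policy it inherits from.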

Advertisement

Table of Contents
loading

Table of Contents