5-3
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Chapter 5 Configuring AnyConnect Features Using ASDM
Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections
If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only
with an SSL VPN tunnel. To enable DTLS, use the Datagram TLS setting in either Group Policy or
Username. The paths to this setting are:
• Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit >
Add or Edit Internal Group Policy > Advanced > SSL VPN Client
• Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add
or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client
• Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account >
VPN Policy > SSL VPN Client
Figure 5-2 shows an example of configuring the DTLS setting for an internal group policy.
Figure 5-2 Enabling or Disabling DTLS
Note When using the AnyConnect client with DTLS on the security appliance, Dead Peer Detection (DPD) must be
enabled in the group policy on the security appliance to allow the AnyConnect client to fall back to TLS
if necessary. Fallback to TLS occurs when the AnyConnect client cannot send data over the UDP/DTLS
session, and the DPD mechanism is what detects that condition, so fallback cannot occur without it.
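The same DTLS and DPD settings expressed as ASA CLI, as an added example that is not part of this guide (the guide documents only the ASDM paths). The group-policy name EXAMPLE-GP and the 30-second DPD intervals are placeholder values chosen here, and the commands use the ASA 8.0-era `svc` keyword; later releases spell them `anyconnect ssl dtls enable` and `anyconnect dpd-interval`.

```text
! Global WebVPN settings. DTLS remains available on the interface as long as
! "enable outside" is used without the tls-only keyword; tls-only would restrict
! clients to the SSL/TLS tunnel regardless of the group-policy setting below.
webvpn
 enable outside
 svc enable
 dtls port 443
!
! Group policy: enable DTLS and configure DPD in both directions so that a
! client that cannot pass traffic over UDP/DTLS is detected and falls back
! to the TLS tunnel (the Note above). Without the dpd-interval lines, DTLS
! is still negotiated but the fallback described in the Note will not occur.
group-policy EXAMPLE-GP internal
group-policy EXAMPLE-GP attributes
 vpn-tunnel-protocol svc webvpn
 webvpn
  svc dtls enable
  svc dpd-interval client 30
  svc dpd-interval gateway 30
```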