Configuring Dtls - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Administration guide

Chapter 5
Configuring AnyConnect Features Using ASDM
Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections
To enable DTLS for a specific interface, select Configuration > Remote Access VPN > Network (Client) Access > Advanced > SSL VPN Connection profiles. The SSL VPN Connection Profiles dialog box opens (Figure 5-1).

Figure 5-1: Enable DTLS Check Box

To enable DTLS on an interface, select the check box in its row. To specify a separate UDP port to use
for AnyConnect, enter the port number in the UDP Port field. The default value is port 443.

Configuring DTLS

If DTLS is configured and UDP is interrupted, the remote user's connection automatically falls back
from DTLS to TLS. The default is enabled; however, DTLS is not enabled by default on any individual
interface.
Enabling DTLS allows the AnyConnect client establishing an AnyConnect VPN connection to use two
simultaneous tunnels—an SSL tunnel and a DTLS tunnel. Using DTLS avoids latency and bandwidth
problems associated with some SSL connections and improves the performance of real-time applications
that are sensitive to packet delays.
Cisco AnyConnect VPN Client Administrator Guide
5-2
OL-12950-012
