Exam 350-701 topic 1 question 37 discussion

DTLS is UDP based which allows it to outperform TLS (TCP based)

A - DTLS

The ciphers available are TLS 1.2, DTLS 1.2 and IKEv2. A,B and C are not available on the system. If A was DTLSv1.2 then I think A would be the best choice.

A. DTLSv1 (Datagram Transport Layer Security version 1) provides the strongest throughput performance when using Cisco AnyConnect VPN. According to the Cisco document, DTLS (Datagram Transport Layer Security) is the default protocol used by the Cisco AnyConnect VPN Client for SSL connections, it can provide a better throughput performance compared to TLS (Transport Layer Security). DTLS uses UDP as the transport protocol, and it is designed for use in situations where the underlying transport protocol is unreliable, this allows DTLS to be more efficient than TCP-based TLS, especially in situations where network conditions are less than ideal. DTLS is a variation of the TLS protocol that is optimized for use over unreliable networks and is implemented on top of the User Datagram Protocol (UDP) to provide a more efficient and faster data transfer. It provides similar security to TLS and it is used by Cisco AnyConnect VPN client to secure communications between the VPN client and the VPN server.

A is correct By default, group policies on ASAs are configured to attempt establishing a DTLS tunnel. If UDP 443 traffic is blocked between the VPN headend and the AnyConnect client, it will automatically fallback to TLS. It is recommended to use DTLS or IKEv2 to increase maximum VPN throughput performance. DTLS offers better performance than TLS due to less protocol overhead. IKEv2 also offers better throughput than TLS. Additionally, using AES-GCM ciphers may slightly improve performance. These ciphers are available in TLS 1.2, DTLS 1.2 and IKEv2.