Suppose I configure IPSec VPN with certificate authentication for Cisco VPN client (during IKE phase 1),
Cisco ASA is also configured with certificates from the same CA server and I am able to download CRL.
IPSec VPN is functional.
Later, I revoke VPN client certificate from CA server and I download CRL to Cisco ASA again. VPN client is still able to connect to Cisco ASA.
What am I doing wrong?