07-16-2010 05:16 AM - edited 02-21-2020 04:44 PM
Hi,
Suppose I configure an IPSec VPN with certificate authentication for the Cisco VPN client (during IKE phase 1).
The Cisco ASA is also configured with certificates from the same CA server, and I am able to download the CRL.
The IPSec VPN is functional.
Later, I revoke the VPN client certificate on the CA server and download the CRL to the Cisco ASA again. The VPN client is still able to connect to the Cisco ASA.
What am I doing wrong?
07-16-2010 08:29 AM
Did you check through the CA Certificate options under Certificate Management in the ASDM? There are settings there related to checking for certificate revocation, and there's a checkbox to "Consider certificate valid if revocation information cannot be retrieved". When I first set up my CA, that was on by default.
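For reference, here is the CLI form of the setting described in the reply above, as an added example that is not part of the original thread. The ASDM checkbox maps to the trailing `none` in `revocation-check crl none`, which tells the ASA to accept a certificate when the CRL cannot be retrieved (fail open); removing it makes the ASA fail closed. The trustpoint name `LAB-CA` and the CRL URL are placeholders I made up for the example. Note also that the ASA validates against the CRL it currently holds, so a client whose certificate was revoked after that CRL was issued keeps connecting until the CA publishes a new CRL and the ASA fetches it; the exec-mode commands at the end show which CRL the ASA is using and force a fresh download.

```cisco
! Weak: if the CRL cannot be fetched, the certificate is accepted anyway.
! This is what the ASDM checkbox "Consider certificate valid if revocation
! information cannot be retrieved" turns on.
crypto ca trustpoint LAB-CA
 enrollment terminal
 revocation-check crl none
 crl configure
  policy cdp

! Hardened: revocation must be verified; fail closed if no CRL is available.
! A static URL is configured in addition to the CDP in the certificate so the
! check does not depend on the CDP alone, and enforcenextupdate rejects a CRL
! that is past its NextUpdate time.
crypto ca trustpoint LAB-CA
 enrollment terminal
 revocation-check crl
 crl configure
  policy both
  url 1 http://ca.example.test/crl/lab-ca.crl
  enforcenextupdate
  cache-time 30

! Exec-mode commands: inspect the cached CRL (issue and NextUpdate times),
! then force a re-download after revoking a certificate on the CA.
show crypto ca crls
crypto ca crl request LAB-CA
```

After revoking a client certificate, compare the CRL's issue time shown by `show crypto ca crls` with the time of the revocation; if the CRL predates it, the CA has not published a new CRL yet and the ASA cannot know about the revocation regardless of the checkbox.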
07-17-2010 02:12 AM
The option "Consider certificate valid if revocation information cannot be retrieved" is not selected. Restarting the CA server solved the problem. :-D
Thank you